NAME
POLICYINFO_new
,
POLICYINFO_free
,
CERTIFICATEPOLICIES_new
,
CERTIFICATEPOLICIES_free
,
POLICYQUALINFO_new
,
POLICYQUALINFO_free
,
USERNOTICE_new
,
USERNOTICE_free
,
NOTICEREF_new
,
NOTICEREF_free
,
POLICY_MAPPING_new
,
POLICY_MAPPING_free
,
POLICY_CONSTRAINTS_new
,
POLICY_CONSTRAINTS_free
—
X.509 certificate policies
SYNOPSIS
#include
<openssl/x509v3.h>
POLICYINFO *
POLICYINFO_new
(void);
void
POLICYINFO_free
(POLICYINFO
*pi);
CERTIFICATEPOLICIES *
CERTIFICATEPOLICIES_new
(void);
void
CERTIFICATEPOLICIES_free
(CERTIFICATEPOLICIES
*pis);
POLICYQUALINFO *
POLICYQUALINFO_new
(void);
void
POLICYQUALINFO_free
(POLICYQUALINFO
*pqi);
USERNOTICE *
USERNOTICE_new
(void);
void
USERNOTICE_free
(USERNOTICE
*usernotice);
NOTICEREF *
NOTICEREF_new
(void);
void
NOTICEREF_free
(NOTICEREF
*noticeref);
POLICY_MAPPING *
POLICY_MAPPING_new
(void);
void
POLICY_MAPPING_free
(POLICY_MAPPING
*pm);
POLICY_CONSTRAINTS *
POLICY_CONSTRAINTS_new
(void);
void
POLICY_CONSTRAINTS_free
(POLICY_CONSTRAINTS
*pc);
DESCRIPTION
X.509 CA and end entity certificates can optionally indicate restrictions on their intended use.
POLICYINFO_new
()
allocates and initializes an empty POLICYINFO object,
representing an ASN.1 PolicyInformation structure
defined in RFC 5280 section 4.2.1.4. It can hold a policy identifier and
optional advisory qualifiers.
POLICYINFO_free
()
frees pi.
CERTIFICATEPOLICIES_new
()
allocates and initializes an empty CERTIFICATEPOLICIES
object, which is a STACK_OF(POLICYINFO) and represents
an ASN.1 CertificatePolicies structure defined in RFC
5280 section 4.2.1.4. It can be used by X509 objects,
both by CA certificates and end entity certificates.
CERTIFICATEPOLICIES_free
()
frees pis.
POLICYQUALINFO_new
()
allocates and initializes an empty POLICYQUALINFO
object, representing an ASN.1 PolicyQualifierInfo
structure defined in RFC 5280 section 4.2.1.4. It can be used in
POLICYINFO and it can hold either a uniform resource
identifier of a certification practice statement published by the CA, or a
pointer to a USERNOTICE object, or arbitrary other
information.
POLICYQUALINFO_free
()
frees pqi.
USERNOTICE_new
()
allocates and initializes an empty USERNOTICE object,
representing an ASN.1 UserNotice structure defined in
RFC 5280 section 4.2.1.4. It can be used in
POLICYQUALINFO and it can hold either an
ASN1_STRING intended for display to the user or a
pointer to a NOTICEREF object.
NOTICEREF_free
()
frees usernotice.
NOTICEREF_new
()
allocates and initializes an empty NOTICEREF object,
representing an ASN.1 NoticeReference structure
defined in RFC 5280 section 4.2.1.4. It can be used in
USERNOTICE and can hold an organization name and a
stack of notice numbers.
NOTICEREF_free
()
frees noticeref.
POLICY_MAPPING_new
()
allocates and initializes an empty POLICY_MAPPING
object, representing an ASN.1 PolicyMappings structure
defined in RFC 5280 section 4.2.1.5. It can be used in
X509 CA certificates and can hold a list of pairs of
policy identifiers, declaring one of the policies in each pair as equivalent
to the other.
POLICY_MAPPING_free
()
frees pm.
POLICY_CONSTRAINTS_new
()
allocates and initializes an empty POLICY_CONSTRAINTS
object, representing an ASN.1 PolicyConstraints
structure defined in RFC 5280 section 4.2.1.11. It can be used in
X509 CA certificates to restrict policy mapping and/or
to require explicit certificate policies in subsequent intermediate
certificates in the certification path.
POLICY_CONSTRAINTS_free
()
frees pc.
RETURN VALUES
The constructor functions return a new object of the respective
type or NULL
if an error occurs.
SEE ALSO
BASIC_CONSTRAINTS_new(3), d2i_POLICYINFO(3), NAME_CONSTRAINTS_new(3), X509_EXTENSION_new(3), X509_new(3)
STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile:
- section 4.2.1.4: Certificate Policies
- section 4.2.1.5: Policy Mappings
- section 4.2.1.11: Policy Constraints
HISTORY
POLICYINFO_new
(),
POLICYINFO_free
(),
CERTIFICATEPOLICIES_new
(),
CERTIFICATEPOLICIES_free
(),
POLICYQUALINFO_new
(),
POLICYQUALINFO_free
(),
USERNOTICE_new
(),
USERNOTICE_free
(),
NOTICEREF_new
(), and
NOTICEREF_free
() first appeared in OpenSSL 0.9.3 and
have been available since OpenBSD 2.6.
POLICY_MAPPING_new
(),
POLICY_MAPPING_free
(),
POLICY_CONSTRAINTS_new
(), and
POLICY_CONSTRAINTS_free
() first appeared in OpenSSL
0.9.8 and have been available since OpenBSD 4.5.
BUGS
This is a lot of nested data structures, but most of them are designed to have almost no effect.