OpenBSD manual page server

NAME

X509_policy_tree_level_count, X509_policy_tree_get0_level, X509_policy_level_node_count, X509_policy_level_get0_node, X509_policy_node_get0_policy, X509_policy_node_get0_qualifiers, X509_policy_node_get0_parent — inspect X.509 policy tree objects

SYNOPSIS

#include <openssl/x509_vfy.h>

int
X509_policy_tree_level_count(const X509_POLICY_TREE *tree);

X509_POLICY_LEVEL *
X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int index);

int
X509_policy_level_node_count(X509_POLICY_LEVEL *level);

X509_POLICY_NODE *
X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int index);

const ASN1_OBJECT *
X509_policy_node_get0_policy(const X509_POLICY_NODE *node);

STACK_OF(POLICYQUALINFO) *
X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);

const X509_POLICY_NODE *
X509_policy_node_get0_parent(const X509_POLICY_NODE *node);

DESCRIPTION

The X509_POLICY_TREE object represents a valid_policy_tree as described in RFC 5280 section 6.1.

The X509_POLICY_LEVEL object represents one level of such a tree, corresponding to one certificate.

The X509_POLICY_NODE object represents one node in the tree.

RETURN VALUES

X509_policy_tree_level_count() returns the number of levels in the tree or 0 if the tree argument is NULL. If it is not 0, it equals the number of certificates in the certification path the tree was created from, including both the target certificate and the trust anchor.

X509_policy_tree_get0_level() returns an internal pointer to the level of the tree with the given index or NULL if the tree argument is NULL or the index is less than 0 or greater than or equal to the number of levels in the tree. An index of 0 corresponds to the trust anchor and the last level corresponds to the target certificate.

X509_policy_level_node_count() returns the number of nodes on the level, including an anyPolicy node if it is present, or 0 if the level argument is NULL.

X509_policy_level_get0_node() returns an internal pointer to the node on the level with the given index or NULL if the level argument is NULL or the index is less than 0 or greater than or equal to the number of nodes on the level. If an anyPolicy node is present on the level, it can be retrieved by passing an index of 0.

X509_policy_node_get0_policy() returns an internal pointer to the valid_policy child object of the node or NULL if the node argument is NULL. It represents a single policy that is valid for the path from the trust anchor to the certificate corresponding to the level containing the node.

X509_policy_node_get0_qualifiers() returns an internal pointer to the qualifier_set child object of the node or NULL if the node argument is NULL. It contains the policy qualifiers associated with the valid_policy of the node in the certificate corresponding to the level containing the node.

X509_policy_node_get0_parent() returns NULL if the node argument is NULL or located on level 0. Otherwise, it returns an an internal pointer to the parent node of the node argument. The parent node is always located on the previous level.

SEE ALSO

ASN1_OBJECT_new(3), OBJ_obj2txt(3), POLICYQUALINFO_new(3), STACK_OF(3), X509_new(3), X509_policy_check(3)

STANDARDS

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, section 6.1: Basic Path Validation

HISTORY

These function first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.