NAME
X509_policy_tree_get0_policies,
X509_policy_tree_get0_user_policies —
retrieve arrays of policy tree
nodes
SYNOPSIS
#include
<openssl/x509_vfy.h>
STACK_OF(X509_POLICY_NODE) *
X509_policy_tree_get0_policies(const
X509_POLICY_TREE *tree);
STACK_OF(X509_POLICY_NODE) *
X509_policy_tree_get0_user_policies(const
X509_POLICY_TREE *tree);
DESCRIPTION
The authority set and the user set are arrays of nodes from a policy tree.
If the last level of a tree, or equivalently, all levels of it, contain an anyPolicy node, the authority set contains only this anyPolicy node from the last level. Unless the array of policy_oids passed to X509_policy_check(3) contained an anyPolicy object, the user set contains one node for each of the policy_oids; specifically, the first matching node that is a child of an anyPolicy node.
If the last level of the tree does not contain an anyPolicy node, the authority set contains all non-anyPolicy nodes that are children of anyPolicy nodes. For each element of the policy_oids, the user set contains the first node from the authority set matching it, if any.
These functions are intended to be called after X509_policy_check(3) was called either directly or indirectly through X509_verify_cert(3).
RETURN VALUES
X509_policy_tree_get0_policies() returns
an internal pointer to the authority set or NULL if
the tree argument is NULL.
X509_policy_tree_get0_user_policies()
returns an internal pointer to the user set or NULL
if the tree argument is NULL
or if the array of policy_oids passed to
X509_policy_check(3) was empty or contained an anyPolicy
object.
SEE ALSO
STACK_OF(3), X509_policy_check(3), X509_policy_level_get0_node(3), X509_STORE_CTX_get0_policy_tree(3)
STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, section 6.1: Basic Path Validation
HISTORY
These function first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.