OpenBSD manual page server

Manual Page Search Parameters

BASIC_CONSTRAINTS_NEW(3) Library Functions Manual BASIC_CONSTRAINTS_NEW(3)

BASIC_CONSTRAINTS_new, BASIC_CONSTRAINTS_freeX.509 extension to mark CA certificates

#include <openssl/x509v3.h>

BASIC_CONSTRAINTS *
BASIC_CONSTRAINTS_new(void);

void
BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *bc);

() allocates and initializes an empty BASIC_CONSTRAINTS object, representing an ASN.1 BasicConstraints structure defined in RFC 5280 section 4.2.1.9.

This object contains two fields. The field int ca is non-zero if the certificate is a CA certificate. The field ASN1_INTEGER *pathlen specifies the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path.

If an X.509 version 3 certificate does not contain this extension or if the ca field of the BASIC_CONSTRAINTS object is 0, or if the certificate contains a key usage extension having the KU_KEY_CERT_SIGN bit unset, then it is not a CA certificate but an end entity certificate.

() frees bc.

BASIC_CONSTRAINTS_new() returns the new BASIC_CONSTRAINTS object or NULL if an error occurs.

d2i_BASIC_CONSTRAINTS(3), X509_check_purpose(3), X509_EXTENSION_new(3), X509_get_extension_flags(3), X509_new(3)

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile:

BASIC_CONSTRAINTS_new() and BASIC_CONSTRAINTS_free() first appeared in OpenSSL 0.9.2b and have been available since OpenBSD 2.6.

October 27, 2021 OpenBSD-7.4