NAME
BASIC_CONSTRAINTS_new, BASIC_CONSTRAINTS_free — X.509 extension to mark CA certificates
SYNOPSIS
#include <openssl/x509v3.h>

BASIC_CONSTRAINTS *
BASIC_CONSTRAINTS_new(void);

void
BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *bc);
DESCRIPTION
BASIC_CONSTRAINTS_new() allocates and initializes an empty BASIC_CONSTRAINTS object, representing an ASN.1 BasicConstraints structure defined in RFC 5280 section 4.2.1.9.
This object contains two fields. The field int ca is non-zero if the certificate is a CA certificate. The field ASN1_INTEGER *pathlen specifies the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path.
If an X.509 version 3 certificate does not contain this extension or if the ca field of the BASIC_CONSTRAINTS object is 0, or if the certificate contains a key usage extension having the KU_KEY_CERT_SIGN bit unset, then it is not a CA certificate but an end entity certificate.
BASIC_CONSTRAINTS_free() frees bc.
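The CA test described above, as an added stand-alone C example that is not part of this manual or of OpenSSL: it decodes the DER form of the RFC 5280 BasicConstraints structure without libcrypto and then applies the rule. struct bc_fields, bc_decode(), is_ca() and the sample byte arrays are hypothetical names constructed for illustration.

```c
#include <stddef.h>

/* Hypothetical mirror of the two fields described above; not OpenSSL's type. */
struct bc_fields {
    int ca;         /* non-zero if cA is TRUE */
    long pathlen;   /* pathLenConstraint, or -1 if absent */
};

/* Constructed sample encodings, not taken from any real certificate. */
static const unsigned char bc_ca_path0[] =
    { 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00 };
static const unsigned char bc_empty[] = { 0x30, 0x00 };

/*
 * Decode DER SEQUENCE { cA BOOLEAN DEFAULT FALSE,
 * pathLenConstraint INTEGER OPTIONAL }. Short-form lengths only.
 * Returns 0 on success, -1 on malformed input.
 */
int bc_decode(const unsigned char *p, size_t len, struct bc_fields *out)
{
    size_t i = 2, n;
    out->ca = 0;
    out->pathlen = -1;
    if (len < 2 || p[0] != 0x30 || p[1] >= 0x80 || (size_t)p[1] != len - 2)
        return -1;
    if (i < len && p[i] == 0x01) {          /* cA */
        if (len - i < 3 || p[i + 1] != 1 || p[i + 2] != 0xff)
            return -1;                      /* DER encodes only TRUE */
        out->ca = 1;
        i += 3;
    }
    if (i < len && p[i] == 0x02) {          /* pathLenConstraint */
        if (len - i < 3 || (n = p[i + 1]) == 0 || n > 3 ||
            n > len - i - 2 || (p[i + 2] & 0x80))
            return -1;                      /* empty, oversized or negative */
        out->pathlen = 0;
        for (i += 2; n > 0; n--)
            out->pathlen = (out->pathlen << 8) | p[i++];
    }
    return i == len ? 0 : -1;               /* reject trailing bytes */
}

/* Rule from the DESCRIPTION; bc == NULL means the extension is absent. */
int is_ca(const struct bc_fields *bc, int has_key_usage, int key_cert_sign)
{
    return bc != NULL && bc->ca != 0 && !(has_key_usage && !key_cert_sign);
}
```

An explicitly encoded cA FALSE is rejected here because DER omits DEFAULT values; a decoder that accepts it is still safe as long as it reports ca as 0.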
RETURN VALUES
BASIC_CONSTRAINTS_new() returns the new BASIC_CONSTRAINTS object or NULL if an error occurs.
SEE ALSO
d2i_BASIC_CONSTRAINTS(3), X509_check_purpose(3), X509_EXTENSION_new(3), X509_get_extension_flags(3), X509_new(3)
STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile:
- section 4.2.1.9: Basic Constraints
- section 6.1: Basic Path Validation
HISTORY
BASIC_CONSTRAINTS_new() and BASIC_CONSTRAINTS_free() first appeared in OpenSSL 0.9.2b and have been available since OpenBSD 2.6.