OpenBSD manual page server

NAME

POLICYINFO_new, POLICYINFO_free, CERTIFICATEPOLICIES_new, CERTIFICATEPOLICIES_free, POLICYQUALINFO_new, POLICYQUALINFO_free, USERNOTICE_new, USERNOTICE_free, NOTICEREF_new, NOTICEREF_free, POLICY_MAPPING_new, POLICY_MAPPING_free, POLICY_CONSTRAINTS_new, POLICY_CONSTRAINTS_free — X.509 certificate policies

SYNOPSIS

#include <openssl/x509v3.h>

POLICYINFO *
POLICYINFO_new(void);

void
POLICYINFO_free(POLICYINFO *pi);

CERTIFICATEPOLICIES *
CERTIFICATEPOLICIES_new(void);

void
CERTIFICATEPOLICIES_free(CERTIFICATEPOLICIES *pis);

POLICYQUALINFO *
POLICYQUALINFO_new(void);

void
POLICYQUALINFO_free(POLICYQUALINFO *pqi);

USERNOTICE *
USERNOTICE_new(void);

void
USERNOTICE_free(USERNOTICE *usernotice);

NOTICEREF *
NOTICEREF_new(void);

void
NOTICEREF_free(NOTICEREF *noticeref);

POLICY_MAPPING *
POLICY_MAPPING_new(void);

void
POLICY_MAPPING_free(POLICY_MAPPING *pm);

POLICY_CONSTRAINTS *
POLICY_CONSTRAINTS_new(void);

void
POLICY_CONSTRAINTS_free(POLICY_CONSTRAINTS *pc);

DESCRIPTION

X.509 CA and end entity certificates can optionally indicate restrictions on their intended use.

POLICYINFO_new() allocates and initializes an empty POLICYINFO object, representing an ASN.1 PolicyInformation structure defined in RFC 5280 section 4.2.1.4. It can hold a policy identifier and optional advisory qualifiers. POLICYINFO_free() frees pi.

CERTIFICATEPOLICIES_new() allocates and initializes an empty CERTIFICATEPOLICIES object, which is a STACK_OF(POLICYINFO) and represents an ASN.1 CertificatePolicies structure defined in RFC 5280 section 4.2.1.4. It can be used by X509 objects, both by CA certificates and end entity certificates. CERTIFICATEPOLICIES_free() frees pis.

POLICYQUALINFO_new() allocates and initializes an empty POLICYQUALINFO object, representing an ASN.1 PolicyQualifierInfo structure defined in RFC 5280 section 4.2.1.4. It can be used in POLICYINFO and it can hold either a uniform resource identifier of a certification practice statement published by the CA, or a pointer to a USERNOTICE object, or arbitrary other information. POLICYQUALINFO_free() frees pqi.

USERNOTICE_new() allocates and initializes an empty USERNOTICE object, representing an ASN.1 UserNotice structure defined in RFC 5280 section 4.2.1.4. It can be used in POLICYQUALINFO and it can hold either an ASN1_STRING intended for display to the user or a pointer to a NOTICEREF object. NOTICEREF_free() frees usernotice.

NOTICEREF_new() allocates and initializes an empty NOTICEREF object, representing an ASN.1 NoticeReference structure defined in RFC 5280 section 4.2.1.4. It can be used in USERNOTICE and can hold an organization name and a stack of notice numbers. NOTICEREF_free() frees noticeref.

POLICY_MAPPING_new() allocates and initializes an empty POLICY_MAPPING object, representing an ASN.1 PolicyMappings structure defined in RFC 5280 section 4.2.1.5. It can be used in X509 CA certificates and can hold a list of pairs of policy identifiers, declaring one of the policies in each pair as equivalent to the other. POLICY_MAPPING_free() frees pm.

POLICY_CONSTRAINTS_new() allocates and initializes an empty POLICY_CONSTRAINTS object, representing an ASN.1 PolicyConstraints structure defined in RFC 5280 section 4.2.1.11. It can be used in X509 CA certificates to restrict policy mapping and/or to require explicit certificate policies in subsequent intermediate certificates in the certification path. POLICY_CONSTRAINTS_free() frees pc.

RETURN VALUES

The constructor functions return a new object of the respective type or NULL if an error occurs.

SEE ALSO

BASIC_CONSTRAINTS_new(3), d2i_POLICYINFO(3), NAME_CONSTRAINTS_new(3), X509_EXTENSION_new(3), X509_get_extension_flags(3), X509_new(3)

STANDARDS

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile:

• section 4.2.1.4: Certificate Policies
• section 4.2.1.5: Policy Mappings
• section 4.2.1.11: Policy Constraints

HISTORY

POLICYINFO_new(), POLICYINFO_free(), CERTIFICATEPOLICIES_new(), CERTIFICATEPOLICIES_free(), POLICYQUALINFO_new(), POLICYQUALINFO_free(), USERNOTICE_new(), USERNOTICE_free(), NOTICEREF_new(), and NOTICEREF_free() first appeared in OpenSSL 0.9.3 and have been available since OpenBSD 2.6.

POLICY_MAPPING_new(), POLICY_MAPPING_free(), POLICY_CONSTRAINTS_new(), and POLICY_CONSTRAINTS_free() first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.

BUGS

This is a lot of nested data structures, but most of them are designed to have almost no effect.