NAME

PROXY_POLICY_new, PROXY_POLICY_free, PROXY_CERT_INFO_EXTENSION_new, PROXY_CERT_INFO_EXTENSION_free — X.509 proxy certificate extension

SYNOPSIS

#include <openssl/x509v3.h>

PROXY_POLICY *
PROXY_POLICY_new(void);

void
PROXY_POLICY_free(PROXY_POLICY *pp);

PROXY_CERT_INFO_EXTENSION *
PROXY_CERT_INFO_EXTENSION_new(void);

void
PROXY_CERT_INFO_EXTENSION_free(PROXY_CERT_INFO_EXTENSION *pcie);

DESCRIPTION

If a given non-CA certificate grants any privileges, using that certificate to issue a proxy certificate and handing that proxy certificate over to another person, organization, or service allows the bearer of the proxy certificate to exercise some or all of the privileges on behalf of the subject of the original certificate.

PROXY_POLICY_new() allocates and initializes an empty PROXY_POLICY object, representing an ASN.1 ProxyPolicy structure defined in RFC 3820 section 3.8. It defines which privileges are to be delegated. PROXY_POLICY_free() frees pp.

PROXY_CERT_INFO_EXTENSION_new() allocates and initializes an empty PROXY_CERT_INFO_EXTENSION object, representing an ASN.1 ProxyCertInfo structure defined in RFC 3820 section 3.8. It can contain a PROXY_POLICY object, and it can additionally restrict the maximum depth of the path of proxy certificates that can be signed by this proxy certificate. PROXY_CERT_INFO_EXTENSION_free() frees pcie.

If a non-CA certificate contains a PROXY_CERT_INFO_EXTENSION, it is a proxy certificate; otherwise, it is an end entity certificate.

RETURN VALUES

PROXY_POLICY_new() and PROXY_CERT_INFO_EXTENSION_new() return the new PROXY_POLICY or PROXY_CERT_INFO_EXTENSION object, respectively, or NULL if an error occurs.

STANDARDS

RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile

HISTORY

These functions first appeared in OpenSSL 0.9.7g and have been available since OpenBSD 3.8.

OpenBSD manual page server