OpenBSD manual page server

Manual Page Search Parameters

PROXY_POLICY_NEW(3) Library Functions Manual PROXY_POLICY_NEW(3)

PROXY_POLICY_new, PROXY_POLICY_free, PROXY_CERT_INFO_EXTENSION_new, PROXY_CERT_INFO_EXTENSION_freeX.509 proxy certificate extension

#include <openssl/x509v3.h>

PROXY_POLICY *
PROXY_POLICY_new(void);

void
PROXY_POLICY_free(PROXY_POLICY *pp);

PROXY_CERT_INFO_EXTENSION *
PROXY_CERT_INFO_EXTENSION_new(void);

void
PROXY_CERT_INFO_EXTENSION_free(PROXY_CERT_INFO_EXTENSION *pcie);

If a given non-CA certificate grants any privileges, using that certificate to issue a proxy certificate and handing that proxy certificate over to another person, organization, or service allows the bearer of the proxy certificate to exercise some or all of the privileges on behalf of the subject of the original certificate.

() allocates and initializes an empty PROXY_POLICY object, representing an ASN.1 ProxyPolicy structure defined in RFC 3820 section 3.8. It defines which privileges are to be delegated. () frees pp.

() allocates and initializes an empty PROXY_CERT_INFO_EXTENSION object, representing an ASN.1 ProxyCertInfo structure defined in RFC 3820 section 3.8. It can contain a PROXY_POLICY object, and it can additionally restrict the maximum depth of the path of proxy certificates that can be signed by this proxy certificate. () frees pcie.

If a non-CA certificate contains a PROXY_CERT_INFO_EXTENSION, it is a proxy certificate; otherwise, it is an end entity certificate.

PROXY_POLICY_new() and PROXY_CERT_INFO_EXTENSION_new() return the new PROXY_POLICY or PROXY_CERT_INFO_EXTENSION object, respectively, or NULL if an error occurs.

BASIC_CONSTRAINTS_new(3), d2i_PROXY_POLICY(3), EXTENDED_KEY_USAGE_new(3), POLICYINFO_new(3), X509_EXTENSION_new(3), X509_new(3)

RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile

These functions first appeared in OpenSSL 0.9.7g and have been available since OpenBSD 3.8.

June 6, 2019 OpenBSD-current