| PROXY_POLICY_NEW(3) | Library Functions Manual | PROXY_POLICY_NEW(3) |
PROXY_POLICY_new,
PROXY_POLICY_free,
PROXY_CERT_INFO_EXTENSION_new,
PROXY_CERT_INFO_EXTENSION_free —
X.509 proxy certificate extension
#include
<openssl/x509v3.h>
PROXY_POLICY *
PROXY_POLICY_new(void);
void
PROXY_POLICY_free(PROXY_POLICY
*pp);
PROXY_CERT_INFO_EXTENSION *
PROXY_CERT_INFO_EXTENSION_new(void);
void
PROXY_CERT_INFO_EXTENSION_free(PROXY_CERT_INFO_EXTENSION
*pcie);
If a given non-CA certificate grants any privileges, using that certificate to issue a proxy certificate and handing that proxy certificate over to another person, organization, or service allows the bearer of the proxy certificate to exercise some or all of the privileges on behalf of the subject of the original certificate.
PROXY_POLICY_new()
allocates and initializes an empty PROXY_POLICY
object, representing an ASN.1 ProxyPolicy structure
defined in RFC 3820 section 3.8. It defines which privileges are to be
delegated.
PROXY_POLICY_free()
frees pp.
PROXY_CERT_INFO_EXTENSION_new()
allocates and initializes an empty
PROXY_CERT_INFO_EXTENSION object, representing an
ASN.1 ProxyCertInfo structure defined in RFC 3820
section 3.8. It can contain a PROXY_POLICY object, and
it can additionally restrict the maximum depth of the path of proxy
certificates that can be signed by this proxy certificate.
PROXY_CERT_INFO_EXTENSION_free()
frees pcie.
If a non-CA certificate contains a PROXY_CERT_INFO_EXTENSION, it is a proxy certificate; otherwise, it is an end entity certificate.
PROXY_POLICY_new() and
PROXY_CERT_INFO_EXTENSION_new() return the new
PROXY_POLICY or
PROXY_CERT_INFO_EXTENSION object, respectively, or
NULL if an error occurs.
BASIC_CONSTRAINTS_new(3), d2i_PROXY_POLICY(3), EXTENDED_KEY_USAGE_new(3), POLICYINFO_new(3), X509_EXTENSION_new(3), X509_new(3)
RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile
These functions first appeared in OpenSSL 0.9.7g and have been available since OpenBSD 3.8.
| June 6, 2019 | OpenBSD-current |