OpenBSD manual page server

Manual Page Search Parameters

X509_POLICY_TREE_GET0_POLICIES(3) Library Functions Manual X509_POLICY_TREE_GET0_POLICIES(3)

X509_policy_tree_get0_policies, X509_policy_tree_get0_user_policiesretrieve arrays of policy tree nodes

#include <openssl/x509_vfy.h>

STACK_OF(X509_POLICY_NODE) *
X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);

STACK_OF(X509_POLICY_NODE) *
X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);

The and the are arrays of nodes from a policy tree.

If the last level of a tree, or equivalently, all levels of it, contain an anyPolicy node, the authority set contains only this anyPolicy node from the last level. Unless the array of policy_oids passed to X509_policy_check(3) contained an anyPolicy object, the user set contains one node for each of the policy_oids; specifically, the first matching node that is a child of an anyPolicy node.

If the last level of the tree does not contain an anyPolicy node, the authority set contains all non-anyPolicy nodes that are children of anyPolicy nodes. For each element of the policy_oids, the user set contains the first node from the authority set matching it, if any.

These functions are intended to be called after X509_policy_check(3) was called either directly or indirectly through X509_verify_cert(3).

X509_policy_tree_get0_policies() returns an internal pointer to the authority set or NULL if the tree argument is NULL.

X509_policy_tree_get0_user_policies() returns an internal pointer to the user set or NULL if the tree argument is NULL or if the array of policy_oids passed to X509_policy_check(3) was empty or contained an anyPolicy object.

STACK_OF(3), X509_policy_check(3), X509_policy_level_get0_node(3), X509_STORE_CTX_get0_policy_tree(3)

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, section 6.1: Basic Path Validation

These function first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.

November 11, 2021 OpenBSD-current