retrieve arrays of policy tree
The authority set and the user set are arrays of nodes from a policy tree.
If the last level of a tree, or equivalently, all levels of it, contain an anyPolicy node, the authority set contains only this anyPolicy node from the last level. Unless the array of policy_oids passed to X509_policy_check(3) contained an anyPolicy object, the user set contains one node for each of the policy_oids; specifically, the first matching node that is a child of an anyPolicy node.
If the last level of the tree does not contain an anyPolicy node, the authority set contains all non-anyPolicy nodes that are children of anyPolicy nodes. For each element of the policy_oids, the user set contains the first node from the authority set matching it, if any.
These functions are intended to be called after X509_policy_check(3) was called either directly or indirectly through X509_verify_cert(3).
an internal pointer to the authority set or
the tree argument is
returns an internal pointer to the user set or
if the tree argument is
or if the array of policy_oids passed to
X509_policy_check(3) was empty or contained an anyPolicy
STACK_OF(3), X509_policy_check(3), X509_policy_level_get0_node(3), X509_STORE_CTX_get0_policy_tree(3)
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, section 6.1: Basic Path Validation
These function first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.