DragonFly On-Line Manual Pages

BASIC_CONSTRAINTS_... DragonFly Library Functions Manual BASIC_CONSTRAINTS_...

NAME
     BASIC_CONSTRAINTS_new, BASIC_CONSTRAINTS_free -- X.509 extension to mark
     CA certificates

SYNOPSIS
     #include <openssl/x509v3.h>

     BASIC_CONSTRAINTS *
     BASIC_CONSTRAINTS_new(void);

     void
     BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *bc);

DESCRIPTION
     BASIC_CONSTRAINTS_new() allocates and initializes an empty
     BASIC_CONSTRAINTS object, representing an ASN.1 BasicConstraints struc-
     ture defined in RFC 5280 section 4.2.1.9.

     This object contains two fields.  The field int ca is non-zero if the
     certificate is a CA certificate.  The field ASN1_INTEGER *pathlen speci-
     fies the maximum number of non-self-issued intermediate certificates that
     may follow this certificate in a valid certification path.

     If an X.509 version 3 certificate does not contain this extension or if
     the ca field of the BASIC_CONSTRAINTS object is 0, or if the certificate
     contains a key usage extension having the KU_KEY_CERT_SIGN bit unset,
     then it is not a CA certificate but an end entity certificate.

     BASIC_CONSTRAINTS_free() frees bc.

RETURN VALUES
     BASIC_CONSTRAINTS_new() returns the new BASIC_CONSTRAINTS object or NULL
     if an error occurs.

SEE ALSO
     X509_EXTENSION_new(3), X509_new(3)

STANDARDS
     RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Cer-
     tificate Revocation List (CRL) Profile:
     -	 section 4.2.1.9: Basic Constraints
     -	 section 6.1: Basic Path Validation

HISTORY
     BASIC_CONSTRAINTS_new() and BASIC_CONSTRAINTS_free() first appeared in
     OpenSSL 0.9.2b and have been available since OpenBSD 2.6.

DragonFly 5.5			March 21, 2018			 DragonFly 5.5