DragonFly On-Line Manual Pages
NAME_CONSTRAINTS_N... DragonFly Library Functions Manual NAME_CONSTRAINTS_N...
NAME
NAME_CONSTRAINTS_new, NAME_CONSTRAINTS_free, GENERAL_SUBTREE_new,
GENERAL_SUBTREE_free -- X.509 CA name constraints extension
SYNOPSIS
#include <openssl/x509v3.h>
NAME_CONSTRAINTS *
NAME_CONSTRAINTS_new(void);
void
NAME_CONSTRAINTS_free(NAME_CONSTRAINTS *names);
GENERAL_SUBTREE *
GENERAL_SUBTREE_new(void);
void
GENERAL_SUBTREE_free(GENERAL_SUBTREE *name);
DESCRIPTION
X.509 CA certificates can use the name constraints extension to restrict
the subject names of subsequent certificates in a certification path.
NAME_CONSTRAINTS_new() allocates and initializes an empty
NAME_CONSTRAINTS object, representing an ASN.1 NameConstraints structure
defined in RFC 5280 section 4.2.1.10. It consists of two
STACK_OF(GENERAL_SUBTREE) objects, one specifying permitted names, the
other excluded names. NAME_CONSTRAINTS_free() frees names.
GENERAL_SUBTREE_new() allocates and initializes an empty GENERAL_SUBTREE
object, representing an ASN.1 GeneralSubtree structure defined in RFC
5280 section 4.2.1.10. It is a trivial wrapper around the GENERAL_NAME
object documented in GENERAL_NAME_new(3). The standard requires the
other fields of GENERAL_SUBTREE to be ignored. GENERAL_SUBTREE_free()
frees name.
RETURN VALUES
NAME_CONSTRAINTS_new() and GENERAL_SUBTREE_new() return the new
NAME_CONSTRAINTS or GENERAL_SUBTREE object, respectively, or NULL if an
error occurs.
SEE ALSO
BASIC_CONSTRAINTS_new(3), GENERAL_NAMES_new(3), X509_EXTENSION_new(3),
X509_new(3)
STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Cer-
tificate Revocation List (CRL) Profile, section 4.2.1.10: Name Con-
straints
HISTORY
NAME_CONSTRAINTS_new(), NAME_CONSTRAINTS_free(), GENERAL_SUBTREE_new(),
and GENERAL_SUBTREE_free() first appeared in OpenSSL 0.9.8 and have been
available since OpenBSD 4.5.
DragonFly 5.5 March 23, 2018 DragonFly 5.5