DragonFly On-Line Manual Pages

Search: Section:  

POLICYINFO_NEW(3)     DragonFly Library Functions Manual     POLICYINFO_NEW(3)


NAME

     POLICYINFO_new, POLICYINFO_free, CERTIFICATEPOLICIES_new,
     CERTIFICATEPOLICIES_free, POLICYQUALINFO_new, POLICYQUALINFO_free,
     USERNOTICE_new, USERNOTICE_free, NOTICEREF_new, NOTICEREF_free,
     POLICY_MAPPING_new, POLICY_MAPPING_free, POLICY_CONSTRAINTS_new,
     POLICY_CONSTRAINTS_free -- X.509 certificate policies


SYNOPSIS

     #include <openssl/x509v3.h>

     POLICYINFO *
     POLICYINFO_new(void);

     void
     POLICYINFO_free(POLICYINFO *pi);

     CERTIFICATEPOLICIES *
     CERTIFICATEPOLICIES_new(void);

     void
     CERTIFICATEPOLICIES_free(CERTIFICATEPOLICIES *pis);

     POLICYQUALINFO *
     POLICYQUALINFO_new(void);

     void
     POLICYQUALINFO_free(POLICYQUALINFO *pqi);

     USERNOTICE *
     USERNOTICE_new(void);

     void
     USERNOTICE_free(USERNOTICE *usernotice);

     NOTICEREF *
     NOTICEREF_new(void);

     void
     NOTICEREF_free(NOTICEREF *noticeref);

     POLICY_MAPPING *
     POLICY_MAPPING_new(void);

     void
     POLICY_MAPPING_free(POLICY_MAPPING *pm);

     POLICY_CONSTRAINTS *
     POLICY_CONSTRAINTS_new(void);

     void
     POLICY_CONSTRAINTS_free(POLICY_CONSTRAINTS *pc);


DESCRIPTION

     X.509 CA and end entity certificates can optionally indicate restrictions
     on their intended use.

     POLICYINFO_new() allocates and initializes an empty POLICYINFO object,
     representing an ASN.1 PolicyInformation structure defined in RFC 5280
     section 4.2.1.4.  It can hold a policy identifier and optional advisory
     qualifiers.  POLICYINFO_free() frees pi.

     CERTIFICATEPOLICIES_new() allocates and initializes an empty
     CERTIFICATEPOLICIES object, which is a STACK_OF(POLICYINFO) and repre-
     sents an ASN.1 CertificatePolicies structure defined in RFC 5280 section
     4.2.1.4.  It can be used by X509 objects, both by CA certificates and end
     entity certificates.  CERTIFICATEPOLICIES_free() frees pis.

     POLICYQUALINFO_new() allocates and initializes an empty POLICYQUALINFO
     object, representing an ASN.1 PolicyQualifierInfo structure defined in
     RFC 5280 section 4.2.1.4.	It can be used in POLICYINFO and it can hold
     either a uniform resource identifier of a certification practice state-
     ment published by the CA, or a pointer to a USERNOTICE object, or arbi-
     trary other information.  POLICYQUALINFO_free() frees pqi.

     USERNOTICE_new() allocates and initializes an empty USERNOTICE object,
     representing an ASN.1 UserNotice structure defined in RFC 5280 section
     4.2.1.4.  It can be used in POLICYQUALINFO and it can hold either an
     ASN1_STRING intended for display to the user or a pointer to a NOTICEREF
     object.  NOTICEREF_free() frees usernotice.

     NOTICEREF_new() allocates and initializes an empty NOTICEREF object, rep-
     resenting an ASN.1 NoticeReference structure defined in RFC 5280 section
     4.2.1.4.  It can be used in USERNOTICE and can hold an organization name
     and a stack of notice numbers.  NOTICEREF_free() frees noticeref.

     POLICY_MAPPING_new() allocates and initializes an empty POLICY_MAPPING
     object, representing an ASN.1 PolicyMappings structure defined in RFC
     5280 section 4.2.1.5.  It can be used in X509 CA certificates and can
     hold a list of pairs of policy identifiers, declaring one of the policies
     in each pair as equivalent to the other.  POLICY_MAPPING_free() frees pm.

     POLICY_CONSTRAINTS_new() allocates and initializes an empty
     POLICY_CONSTRAINTS object, representing an ASN.1 PolicyConstraints struc-
     ture defined in RFC 5280 section 4.2.1.11.  It can be used in X509 CA
     certificates to restrict policy mapping and/or to require explicit cer-
     tificate policies in subsequent intermediate certificates in the certifi-
     cation path.  POLICY_CONSTRAINTS_free() frees pc.


RETURN VALUES

     The constructor functions return a new object of the respective type or
     NULL if an error occurs.


SEE ALSO

     BASIC_CONSTRAINTS_new(3), NAME_CONSTRAINTS_new(3), X509_EXTENSION_new(3),
     X509_new(3)


STANDARDS

     RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Cer-
     tificate Revocation List (CRL) Profile:
     -	 section 4.2.1.4: Certificate Policies
     -	 section 4.2.1.5: Policy Mappings
     -	 section 4.2.1.11: Policy Constraints


HISTORY

     POLICYINFO_new(), POLICYINFO_free(), CERTIFICATEPOLICIES_new(),
     CERTIFICATEPOLICIES_free(), POLICYQUALINFO_new(), POLICYQUALINFO_free(),
     USERNOTICE_new(), USERNOTICE_free(), NOTICEREF_new(), and
     NOTICEREF_free() first appeared in OpenSSL 0.9.3 and have been available
     since OpenBSD 2.6.

     POLICY_MAPPING_new(), POLICY_MAPPING_free(), POLICY_CONSTRAINTS_new(),
     and POLICY_CONSTRAINTS_free() first appeared in OpenSSL 0.9.8 and have
     been available since OpenBSD 4.5.


BUGS

     This is a lot of nested data structures, but most of them are designed to
     have almost no effect.

DragonFly 5.5			March 23, 2018			 DragonFly 5.5

Search: Section: