DragonFly On-Line Manual Pages

Search: Section:  

BASIC_CONSTRAINTS_NEW(3)                    DragonFly Library Functions Manual


BASIC_CONSTRAINTS_new, BASIC_CONSTRAINTS_free - X.509 extension to mark CA certificates


#include <openssl/x509v3.h> BASIC_CONSTRAINTS * BASIC_CONSTRAINTS_new(void); void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *bc);


BASIC_CONSTRAINTS_new() allocates and initializes an empty BASIC_CONSTRAINTS object, representing an ASN.1 BasicConstraints structure defined in RFC 5280 section This object contains two fields. The field int ca is non-zero if the certificate is a CA certificate. The field ASN1_INTEGER *pathlen specifies the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path. If an X.509 version 3 certificate does not contain this extension or if the ca field of the BASIC_CONSTRAINTS object is 0, or if the certificate contains a key usage extension having the KU_KEY_CERT_SIGN bit unset, then it is not a CA certificate but an end entity certificate. BASIC_CONSTRAINTS_free() frees bc.


BASIC_CONSTRAINTS_new() returns the new BASIC_CONSTRAINTS object or NULL if an error occurs.


d2i_BASIC_CONSTRAINTS(3), X509_check_purpose(3), X509_EXTENSION_new(3), X509_new(3)


RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile: - section Basic Constraints - section 6.1: Basic Path Validation


BASIC_CONSTRAINTS_new() and BASIC_CONSTRAINTS_free() first appeared in OpenSSL 0.9.2b and have been available since OpenBSD 2.6. DragonFly 5.9-DEVELOPMENT August 22, 2019 DragonFly 5.9-DEVELOPMENT

Search: Section: