DragonFly On-Line Manual Pages

Search: Section:  

PROXY_POLICY_NEW(3)   DragonFly Library Functions Manual   PROXY_POLICY_NEW(3)


NAME

     PROXY_POLICY_new, PROXY_POLICY_free, PROXY_CERT_INFO_EXTENSION_new,
     PROXY_CERT_INFO_EXTENSION_free -- X.509 proxy certificate extension


SYNOPSIS

     #include <openssl/x509v3.h>

     PROXY_POLICY *
     PROXY_POLICY_new(void);

     void
     PROXY_POLICY_free(PROXY_POLICY *pp);

     PROXY_CERT_INFO_EXTENSION *
     PROXY_CERT_INFO_EXTENSION_new(void);

     void
     PROXY_CERT_INFO_EXTENSION_free(PROXY_CERT_INFO_EXTENSION *pcie);


DESCRIPTION

     If a given non-CA certificate grants any privileges, using that certifi-
     cate to issue a proxy certificate and handing that proxy certificate over
     to another person, organization, or service allows the bearer of the
     proxy certificate to exercise some or all of the privileges on behalf of
     the subject of the original certificate.

     PROXY_POLICY_new() allocates and initializes an empty PROXY_POLICY
     object, representing an ASN.1 ProxyPolicy structure defined in RFC 3820
     section 3.8.  It defines which privileges are to be delegated.
     PROXY_POLICY_free() frees pp.

     PROXY_CERT_INFO_EXTENSION_new() allocates and initializes an empty
     PROXY_CERT_INFO_EXTENSION object, representing an ASN.1 ProxyCertInfo
     structure defined in RFC 3820 section 3.8.  It can contain a PROXY_POLICY
     object, and it can additionally restrict the maximum depth of the path of
     proxy certificates that can be signed by this proxy certificate.
     PROXY_CERT_INFO_EXTENSION_free() frees pcie.

     If a non-CA certificate contains a PROXY_CERT_INFO_EXTENSION, it is a
     proxy certificate; otherwise, it is an end entity certificate.


RETURN VALUES

     PROXY_POLICY_new() and PROXY_CERT_INFO_EXTENSION_new() return the new
     PROXY_POLICY or PROXY_CERT_INFO_EXTENSION object, respectively, or NULL
     if an error occurs.


SEE ALSO

     BASIC_CONSTRAINTS_new(3), EXTENDED_KEY_USAGE_new(3), POLICYINFO_new(3),
     X509_EXTENSION_new(3), X509_new(3)


STANDARDS

     RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy Certifi-
     cate Profile


HISTORY

     These functions first appeared in OpenSSL 0.9.7g and have been available
     since OpenBSD 3.8.

DragonFly 5.5			March 22, 2018			 DragonFly 5.5

Search: Section: