"Fossies" - the Fresh Open Source Software Archive

Member "libressl-2.9.2/man/NAME_CONSTRAINTS_new.3" (24 Mar 2018, 2908 Bytes) of package /linux/misc/libressl-2.9.2.tar.gz:


Caution: As a special service "Fossies" has tried to format the requested manual source page into HTML format but links to other man pages may be missing or even errorneous. Alternatively you can here view or download the uninterpreted manual source code. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

NAME_CONSTRAINTS_NEW(3) BSD Library Functions Manual NAME_CONSTRAINTS_NEW(3)

NAME

NAME_CONSTRAINTS_new, NAME_CONSTRAINTS_free, GENERAL_SUBTREE_new, GENERAL_SUBTREE_free — X.509 CA name constraints extension

SYNOPSIS

#include <openssl/x509v3.h>

NAME_CONSTRAINTS *

NAME_CONSTRAINTS_new(void);

void

NAME_CONSTRAINTS_free(NAME_CONSTRAINTS *names);

GENERAL_SUBTREE *

GENERAL_SUBTREE_new(void);

void

GENERAL_SUBTREE_free(GENERAL_SUBTREE *name);

DESCRIPTION

X.509 CA certificates can use the name constraints extension to restrict the subject names of subsequent certificates in a certification path.

NAME_CONSTRAINTS_new() allocates and initializes an empty NAME_CONSTRAINTS object, representing an ASN.1 NameConstraints structure defined in RFC 5280 section 4.2.1.10. It consists of two STACK_OF(GENERAL_SUBTREE) objects, one specifying permitted names, the other excluded names. NAME_CONSTRAINTS_free() frees names.

GENERAL_SUBTREE_new() allocates and initializes an empty GENERAL_SUBTREE object, representing an ASN.1 GeneralSubtree structure defined in RFC 5280 section 4.2.1.10. It is a trivial wrapper around the GENERAL_NAME object documented in GENERAL_NAME_new(3). The standard requires the other fields of GENERAL_SUBTREE to be ignored. GENERAL_SUBTREE_free() frees name.

RETURN VALUES

NAME_CONSTRAINTS_new() and GENERAL_SUBTREE_new() return the new NAME_CONSTRAINTS or GENERAL_SUBTREE object, respectively, or NULL if an error occurs.

SEE ALSO

BASIC_CONSTRAINTS_new(3), GENERAL_NAMES_new(3), X509_EXTENSION_new(3), X509_new(3)

STANDARDS

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, section 4.2.1.10: Name Constraints

HISTORY

NAME_CONSTRAINTS_new(), NAME_CONSTRAINTS_free(), GENERAL_SUBTREE_new(), and GENERAL_SUBTREE_free() first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.

BSD March 23, 2018 BSD