table of contents
NAME_CONSTRAINTS_NEW(3) | Library Functions Manual | NAME_CONSTRAINTS_NEW(3) |
NAME¶
NAME_CONSTRAINTS_new
,
NAME_CONSTRAINTS_free
,
GENERAL_SUBTREE_new
,
GENERAL_SUBTREE_free
— X.509
CA name constraints extension
SYNOPSIS¶
#include
<openssl/x509v3.h>
NAME_CONSTRAINTS *
NAME_CONSTRAINTS_new
(void);
void
NAME_CONSTRAINTS_free
(NAME_CONSTRAINTS
*names);
GENERAL_SUBTREE *
GENERAL_SUBTREE_new
(void);
void
GENERAL_SUBTREE_free
(GENERAL_SUBTREE
*name);
DESCRIPTION¶
X.509 CA certificates can use the name constraints extension to restrict the subject names of subsequent certificates in a certification path.
NAME_CONSTRAINTS_new
()
allocates and initializes an empty NAME_CONSTRAINTS
object, representing an ASN.1 NameConstraints
structure defined in RFC 5280 section 4.2.1.10. It consists of two
STACK_OF(GENERAL_SUBTREE) objects, one specifying
permitted names, the other excluded names.
NAME_CONSTRAINTS_free
()
frees names.
GENERAL_SUBTREE_new
()
allocates and initializes an empty GENERAL_SUBTREE
object, representing an ASN.1 GeneralSubtree structure
defined in RFC 5280 section 4.2.1.10. It is a trivial wrapper around the
GENERAL_NAME object documented in
GENERAL_NAME_new(3). The standard requires the other
fields of GENERAL_SUBTREE to be ignored.
GENERAL_SUBTREE_free
()
frees name.
RETURN VALUES¶
NAME_CONSTRAINTS_new
() and
GENERAL_SUBTREE_new
() return the new
NAME_CONSTRAINTS or
GENERAL_SUBTREE object, respectively, or
NULL
if an error occurs.
SEE ALSO¶
BASIC_CONSTRAINTS_new(3), GENERAL_NAMES_new(3), X509_EXTENSION_new(3), X509_new(3)
STANDARDS¶
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, section 4.2.1.10: Name Constraints
HISTORY¶
NAME_CONSTRAINTS_new
(),
NAME_CONSTRAINTS_free
(),
GENERAL_SUBTREE_new
(), and
GENERAL_SUBTREE_free
() first appeared in OpenSSL
0.9.8 and have been available since OpenBSD 4.5.
September 17, 2020 | Linux 6.4.0-150600.23.25-default |