89 lines
2.6 KiB
Groff
89 lines
2.6 KiB
Groff
.\" $OpenBSD: BASIC_CONSTRAINTS_new.3,v 1.6 2021/10/27 11:24:47 schwarze Exp $
|
|
.\"
|
|
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
|
|
.\"
|
|
.\" Permission to use, copy, modify, and distribute this software for any
|
|
.\" purpose with or without fee is hereby granted, provided that the above
|
|
.\" copyright notice and this permission notice appear in all copies.
|
|
.\"
|
|
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
.\"
|
|
.Dd $Mdocdate: October 27 2021 $
|
|
.Dt BASIC_CONSTRAINTS_NEW 3
|
|
.Os
|
|
.Sh NAME
|
|
.Nm BASIC_CONSTRAINTS_new ,
|
|
.Nm BASIC_CONSTRAINTS_free
|
|
.Nd X.509 extension to mark CA certificates
|
|
.Sh SYNOPSIS
|
|
.In openssl/x509v3.h
|
|
.Ft BASIC_CONSTRAINTS *
|
|
.Fn BASIC_CONSTRAINTS_new void
|
|
.Ft void
|
|
.Fn BASIC_CONSTRAINTS_free "BASIC_CONSTRAINTS *bc"
|
|
.Sh DESCRIPTION
|
|
.Fn BASIC_CONSTRAINTS_new
|
|
allocates and initializes an empty
|
|
.Vt BASIC_CONSTRAINTS
|
|
object, representing an ASN.1
|
|
.Vt BasicConstraints
|
|
structure defined in RFC 5280 section 4.2.1.9.
|
|
.Pp
|
|
This object contains two fields.
|
|
The field
|
|
.Fa "int ca"
|
|
is non-zero if the certificate is a CA certificate.
|
|
The field
|
|
.Fa "ASN1_INTEGER *pathlen"
|
|
specifies the maximum number of non-self-issued intermediate
|
|
certificates that may follow this certificate in a valid
|
|
certification path.
|
|
.Pp
|
|
If an X.509 version 3 certificate does not contain this extension
|
|
or if the
|
|
.Fa ca
|
|
field of the
|
|
.Vt BASIC_CONSTRAINTS
|
|
object is 0, or if the certificate contains a key usage extension
|
|
having the
|
|
.Dv KU_KEY_CERT_SIGN
|
|
bit unset, then it is not a CA certificate but an end entity
|
|
certificate.
|
|
.Pp
|
|
.Fn BASIC_CONSTRAINTS_free
|
|
frees
|
|
.Fa bc .
|
|
.Sh RETURN VALUES
|
|
.Fn BASIC_CONSTRAINTS_new
|
|
returns the new
|
|
.Vt BASIC_CONSTRAINTS
|
|
object or
|
|
.Dv NULL
|
|
if an error occurs.
|
|
.Sh SEE ALSO
|
|
.Xr d2i_BASIC_CONSTRAINTS 3 ,
|
|
.Xr X509_check_purpose 3 ,
|
|
.Xr X509_EXTENSION_new 3 ,
|
|
.Xr X509_get_extension_flags 3 ,
|
|
.Xr X509_new 3
|
|
.Sh STANDARDS
|
|
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
|
|
Certificate Revocation List (CRL) Profile:
|
|
.Bl -dash -compact
|
|
.It
|
|
section 4.2.1.9: Basic Constraints
|
|
.It
|
|
section 6.1: Basic Path Validation
|
|
.El
|
|
.Sh HISTORY
|
|
.Fn BASIC_CONSTRAINTS_new
|
|
and
|
|
.Fn BASIC_CONSTRAINTS_free
|
|
first appeared in OpenSSL 0.9.2b and have been available since
|
|
.Ox 2.6 .
|