xref: /openbsd/lib/libcrypto/man/POLICYINFO_new.3 (revision 2c07bb3b)
1*2c07bb3bSschwarze.\"	$OpenBSD: POLICYINFO_new.3,v 1.5 2018/03/23 00:09:11 schwarze Exp $
22d64f400Sschwarze.\"
32d64f400Sschwarze.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
42d64f400Sschwarze.\"
52d64f400Sschwarze.\" Permission to use, copy, modify, and distribute this software for any
62d64f400Sschwarze.\" purpose with or without fee is hereby granted, provided that the above
72d64f400Sschwarze.\" copyright notice and this permission notice appear in all copies.
82d64f400Sschwarze.\"
92d64f400Sschwarze.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
102d64f400Sschwarze.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
112d64f400Sschwarze.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
122d64f400Sschwarze.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
132d64f400Sschwarze.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
142d64f400Sschwarze.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
152d64f400Sschwarze.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
162d64f400Sschwarze.\"
17*2c07bb3bSschwarze.Dd $Mdocdate: March 23 2018 $
182d64f400Sschwarze.Dt POLICYINFO_NEW 3
192d64f400Sschwarze.Os
202d64f400Sschwarze.Sh NAME
212d64f400Sschwarze.Nm POLICYINFO_new ,
222d64f400Sschwarze.Nm POLICYINFO_free ,
232d64f400Sschwarze.Nm CERTIFICATEPOLICIES_new ,
242d64f400Sschwarze.Nm CERTIFICATEPOLICIES_free ,
252d64f400Sschwarze.Nm POLICYQUALINFO_new ,
262d64f400Sschwarze.Nm POLICYQUALINFO_free ,
272d64f400Sschwarze.Nm USERNOTICE_new ,
282d64f400Sschwarze.Nm USERNOTICE_free ,
292d64f400Sschwarze.Nm NOTICEREF_new ,
302d64f400Sschwarze.Nm NOTICEREF_free ,
312d64f400Sschwarze.Nm POLICY_MAPPING_new ,
322d64f400Sschwarze.Nm POLICY_MAPPING_free ,
332d64f400Sschwarze.Nm POLICY_CONSTRAINTS_new ,
342d64f400Sschwarze.Nm POLICY_CONSTRAINTS_free
352d64f400Sschwarze.Nd X.509 certificate policies
362d64f400Sschwarze.Sh SYNOPSIS
372d64f400Sschwarze.In openssl/x509v3.h
382d64f400Sschwarze.Ft POLICYINFO *
392d64f400Sschwarze.Fn POLICYINFO_new void
402d64f400Sschwarze.Ft void
412d64f400Sschwarze.Fn POLICYINFO_free "POLICYINFO *pi"
422d64f400Sschwarze.Ft CERTIFICATEPOLICIES *
432d64f400Sschwarze.Fn CERTIFICATEPOLICIES_new void
442d64f400Sschwarze.Ft void
452d64f400Sschwarze.Fn CERTIFICATEPOLICIES_free "CERTIFICATEPOLICIES *pis"
462d64f400Sschwarze.Ft POLICYQUALINFO *
472d64f400Sschwarze.Fn POLICYQUALINFO_new void
482d64f400Sschwarze.Ft void
492d64f400Sschwarze.Fn POLICYQUALINFO_free "POLICYQUALINFO *pqi"
502d64f400Sschwarze.Ft USERNOTICE *
512d64f400Sschwarze.Fn USERNOTICE_new void
522d64f400Sschwarze.Ft void
532d64f400Sschwarze.Fn USERNOTICE_free "USERNOTICE *usernotice"
542d64f400Sschwarze.Ft NOTICEREF *
552d64f400Sschwarze.Fn NOTICEREF_new void
562d64f400Sschwarze.Ft void
572d64f400Sschwarze.Fn NOTICEREF_free "NOTICEREF *noticeref"
582d64f400Sschwarze.Ft POLICY_MAPPING *
592d64f400Sschwarze.Fn POLICY_MAPPING_new void
602d64f400Sschwarze.Ft void
612d64f400Sschwarze.Fn POLICY_MAPPING_free "POLICY_MAPPING *pm"
622d64f400Sschwarze.Ft POLICY_CONSTRAINTS *
632d64f400Sschwarze.Fn POLICY_CONSTRAINTS_new void
642d64f400Sschwarze.Ft void
652d64f400Sschwarze.Fn POLICY_CONSTRAINTS_free "POLICY_CONSTRAINTS *pc"
662d64f400Sschwarze.Sh DESCRIPTION
672d64f400SschwarzeX.509 CA and end entity certificates can optionally indicate
682d64f400Sschwarzerestrictions on their intended use.
692d64f400Sschwarze.Pp
702d64f400Sschwarze.Fn POLICYINFO_new
712d64f400Sschwarzeallocates and initializes an empty
722d64f400Sschwarze.Vt POLICYINFO
7356bc162bSschwarzeobject, representing an ASN.1
7456bc162bSschwarze.Vt PolicyInformation
7556bc162bSschwarzestructure defined in RFC 5280 section 4.2.1.4.
762d64f400SschwarzeIt can hold a policy identifier and optional advisory qualifiers.
772d64f400Sschwarze.Fn POLICYINFO_free
782d64f400Sschwarzefrees
792d64f400Sschwarze.Fa pi .
802d64f400Sschwarze.Pp
812d64f400Sschwarze.Fn CERTIFICATEPOLICIES_new
822d64f400Sschwarzeallocates and initializes an empty
832d64f400Sschwarze.Vt CERTIFICATEPOLICIES
842d64f400Sschwarzeobject, which is a
852d64f400Sschwarze.Vt STACK_OF(POLICYINFO)
86730642a4Sschwarzeand represents an ASN.1
87730642a4Sschwarze.Vt CertificatePolicies
88730642a4Sschwarzestructure defined in RFC 5280 section 4.2.1.4.
892d64f400SschwarzeIt can be used by
902d64f400Sschwarze.Vt X509
912d64f400Sschwarzeobjects, both by CA certificates and end entity certificates.
922d64f400Sschwarze.Fn CERTIFICATEPOLICIES_free
932d64f400Sschwarzefrees
942d64f400Sschwarze.Fa pis .
952d64f400Sschwarze.Pp
962d64f400Sschwarze.Fn POLICYQUALINFO_new
972d64f400Sschwarzeallocates and initializes an empty
982d64f400Sschwarze.Vt POLICYQUALINFO
9956bc162bSschwarzeobject, representing an ASN.1
10056bc162bSschwarze.Vt PolicyQualifierInfo
10156bc162bSschwarzestructure defined in RFC 5280 section 4.2.1.4.
1022d64f400SschwarzeIt can be used in
1032d64f400Sschwarze.Vt POLICYINFO
1042d64f400Sschwarzeand it can hold either a uniform resource identifier of a certification
1052d64f400Sschwarzepractice statement published by the CA, or a pointer to a
1062d64f400Sschwarze.Vt USERNOTICE
1072d64f400Sschwarzeobject, or arbitrary other information.
1082d64f400Sschwarze.Fn POLICYQUALINFO_free
1092d64f400Sschwarzefrees
1102d64f400Sschwarze.Fa pqi .
1112d64f400Sschwarze.Pp
1122d64f400Sschwarze.Fn USERNOTICE_new
1132d64f400Sschwarzeallocates and initializes an empty
1142d64f400Sschwarze.Vt USERNOTICE
11556bc162bSschwarzeobject, representing an ASN.1
11656bc162bSschwarze.Vt UserNotice
11756bc162bSschwarzestructure defined in RFC 5280 section 4.2.1.4.
1182d64f400SschwarzeIt can be used in
1192d64f400Sschwarze.Vt POLICYQUALINFO
1202d64f400Sschwarzeand it can hold either an
1212d64f400Sschwarze.Vt ASN1_STRING
1222d64f400Sschwarzeintended for display to the user or a pointer to a
1232d64f400Sschwarze.Vt NOTICEREF
1242d64f400Sschwarzeobject.
1252d64f400Sschwarze.Fn USERNOTICE_free
1262d64f400Sschwarzefrees
1272d64f400Sschwarze.Fa usernotice .
1282d64f400Sschwarze.Pp
1292d64f400Sschwarze.Fn NOTICEREF_new
1302d64f400Sschwarzeallocates and initializes an empty
1312d64f400Sschwarze.Vt NOTICEREF
13256bc162bSschwarzeobject, representing an ASN.1
13356bc162bSschwarze.Vt NoticeReference
13456bc162bSschwarzestructure defined in RFC 5280 section 4.2.1.4.
1352d64f400SschwarzeIt can be used in
1362d64f400Sschwarze.Vt USERNOTICE
1372d64f400Sschwarzeand can hold an organization name and a stack of notice numbers.
1382d64f400Sschwarze.Fn NOTICEREF_free
1392d64f400Sschwarzefrees
1402d64f400Sschwarze.Fa noticeref .
1412d64f400Sschwarze.Pp
1422d64f400Sschwarze.Fn POLICY_MAPPING_new
1432d64f400Sschwarzeallocates and initializes an empty
1442d64f400Sschwarze.Vt POLICY_MAPPING
14556bc162bSschwarzeobject, representing an ASN.1
14656bc162bSschwarze.Vt PolicyMappings
14756bc162bSschwarzestructure defined in RFC 5280 section 4.2.1.5.
1482d64f400SschwarzeIt can be used in
1492d64f400Sschwarze.Vt X509
1502d64f400SschwarzeCA certificates and can hold a list of pairs of policy identifiers,
1512d64f400Sschwarzedeclaring one of the policies in each pair as equivalent to the
1522d64f400Sschwarzeother.
1532d64f400Sschwarze.Fn POLICY_MAPPING_free
1542d64f400Sschwarzefrees
1552d64f400Sschwarze.Fa pm .
1562d64f400Sschwarze.Pp
1572d64f400Sschwarze.Fn POLICY_CONSTRAINTS_new
1582d64f400Sschwarzeallocates and initializes an empty
1592d64f400Sschwarze.Vt POLICY_CONSTRAINTS
16056bc162bSschwarzeobject, representing an ASN.1
16156bc162bSschwarze.Vt PolicyConstraints
16256bc162bSschwarzestructure defined in RFC 5280 section 4.2.1.11.
1632d64f400SschwarzeIt can be used in
1642d64f400Sschwarze.Vt X509
1652d64f400SschwarzeCA certificates to restrict policy mapping and/or to require explicit
1662d64f400Sschwarzecertificate policies in subsequent intermediate certificates in the
1672d64f400Sschwarzecertification path.
1682d64f400Sschwarze.Fn POLICY_CONSTRAINTS_free
1692d64f400Sschwarzefrees
1702d64f400Sschwarze.Fa pc .
1712d64f400Sschwarze.Sh RETURN VALUES
1722d64f400SschwarzeThe constructor functions return a new object of the respective
1732d64f400Sschwarzetype or
1742d64f400Sschwarze.Dv NULL
1752d64f400Sschwarzeif an error occurs.
1762d64f400Sschwarze.Sh SEE ALSO
1772d64f400Sschwarze.Xr BASIC_CONSTRAINTS_new 3 ,
1782d64f400Sschwarze.Xr NAME_CONSTRAINTS_new 3 ,
1792d64f400Sschwarze.Xr X509_EXTENSION_new 3 ,
1802d64f400Sschwarze.Xr X509_new 3
1812d64f400Sschwarze.Sh STANDARDS
1822d64f400SschwarzeRFC 5280: Internet X.509 Public Key Infrastructure Certificate and
1832d64f400SschwarzeCertificate Revocation List (CRL) Profile:
1842d64f400Sschwarze.Bl -dash -compact
1852d64f400Sschwarze.It
1862d64f400Sschwarzesection 4.2.1.4: Certificate Policies
1872d64f400Sschwarze.It
1882d64f400Sschwarzesection 4.2.1.5: Policy Mappings
1892d64f400Sschwarze.It
1902d64f400Sschwarzesection 4.2.1.11: Policy Constraints
1912d64f400Sschwarze.El
192c52b7c01Sschwarze.Sh HISTORY
193c52b7c01Sschwarze.Fn POLICYINFO_new ,
194c52b7c01Sschwarze.Fn POLICYINFO_free ,
195c52b7c01Sschwarze.Fn CERTIFICATEPOLICIES_new ,
196c52b7c01Sschwarze.Fn CERTIFICATEPOLICIES_free ,
197c52b7c01Sschwarze.Fn POLICYQUALINFO_new ,
198c52b7c01Sschwarze.Fn POLICYQUALINFO_free ,
199c52b7c01Sschwarze.Fn USERNOTICE_new ,
200c52b7c01Sschwarze.Fn USERNOTICE_free ,
201c52b7c01Sschwarze.Fn NOTICEREF_new ,
202c52b7c01Sschwarzeand
203c52b7c01Sschwarze.Fn NOTICEREF_free
204c52b7c01Sschwarzefirst appeared in OpenSSL 0.9.3 and have been available since
205c52b7c01Sschwarze.Ox 2.6 .
206*2c07bb3bSschwarze.Pp
207*2c07bb3bSschwarze.Fn POLICY_MAPPING_new ,
208*2c07bb3bSschwarze.Fn POLICY_MAPPING_free ,
209*2c07bb3bSschwarze.Fn POLICY_CONSTRAINTS_new ,
210*2c07bb3bSschwarzeand
211*2c07bb3bSschwarze.Fn POLICY_CONSTRAINTS_free
212*2c07bb3bSschwarzefirst appeared in OpenSSL 0.9.8 and have been available since
213*2c07bb3bSschwarze.Ox 4.5 .
2142d64f400Sschwarze.Sh BUGS
2152d64f400SschwarzeThis is a lot of nested data structures, but most of them are
2162d64f400Sschwarzedesigned to have almost no effect.