.\" $OpenBSD: POLICYINFO_new.3,v 1.1 2016/12/23 18:50:23 schwarze Exp $
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: December 23 2016 $
.Dt POLICYINFO_NEW 3
.Os
.Sh NAME
.Nm POLICYINFO_new ,
.Nm POLICYINFO_free ,
.Nm CERTIFICATEPOLICIES_new ,
.Nm CERTIFICATEPOLICIES_free ,
.Nm POLICYQUALINFO_new ,
.Nm POLICYQUALINFO_free ,
.Nm USERNOTICE_new ,
.Nm USERNOTICE_free ,
.Nm NOTICEREF_new ,
.Nm NOTICEREF_free ,
.Nm POLICY_MAPPING_new ,
.Nm POLICY_MAPPING_free ,
.Nm POLICY_CONSTRAINTS_new ,
.Nm POLICY_CONSTRAINTS_free
.Nd X.509 certificate policies
.Sh SYNOPSIS
.In openssl/x509v3.h
.Ft POLICYINFO *
.Fn POLICYINFO_new void
.Ft void
.Fn POLICYINFO_free "POLICYINFO *pi"
.Ft CERTIFICATEPOLICIES *
.Fn CERTIFICATEPOLICIES_new void
.Ft void
.Fn CERTIFICATEPOLICIES_free "CERTIFICATEPOLICIES *pis"
.Ft POLICYQUALINFO *
.Fn POLICYQUALINFO_new void
.Ft void
.Fn POLICYQUALINFO_free "POLICYQUALINFO *pqi"
.Ft USERNOTICE *
.Fn USERNOTICE_new void
.Ft void
.Fn USERNOTICE_free "USERNOTICE *usernotice"
.Ft NOTICEREF *
.Fn NOTICEREF_new void
.Ft void
.Fn NOTICEREF_free "NOTICEREF *noticeref"
.Ft POLICY_MAPPING *
.Fn POLICY_MAPPING_new void
.Ft void
.Fn POLICY_MAPPING_free "POLICY_MAPPING *pm"
.Ft POLICY_CONSTRAINTS *
.Fn POLICY_CONSTRAINTS_new void
.Ft void
.Fn POLICY_CONSTRAINTS_free "POLICY_CONSTRAINTS *pc"
.Sh DESCRIPTION
X.509 CA and end entity certificates can optionally indicate
restrictions on their intended use.
.Pp
.Fn POLICYINFO_new
allocates and initializes an empty
.Vt POLICYINFO
object, representing an ASN.1 PolicyInformation structure
defined in RFC 5280 section 4.2.1.4.
It can hold a policy identifier and optional advisory qualifiers.
.Fn POLICYINFO_free
frees
.Fa pi .
.Pp
.Fn CERTIFICATEPOLICIES_new
allocates and initializes an empty
.Vt CERTIFICATEPOLICIES
object, which is a
.Vt STACK_OF(POLICYINFO)
and represents an ASN.1 CertificatePolicies structure
defined in RFC 5280 section 4.2.1.4.
It can be used by
.Vt X509
objects, both by CA certificates and end entity certificates.
.Fn CERTIFICATEPOLICIES_free
frees
.Fa pis .
.Pp
.Fn POLICYQUALINFO_new
allocates and initializes an empty
.Vt POLICYQUALINFO
object, representing an ASN.1 PolicyQualifierInfo structure
defined in RFC 5280 section 4.2.1.4.
It can be used in
.Vt POLICYINFO
and it can hold either a uniform resource identifier of a certification
practice statement published by the CA, or a pointer to a
.Vt USERNOTICE
object, or arbitrary other information.
.Fn POLICYQUALINFO_free
frees
.Fa pqi .
.Pp
.Fn USERNOTICE_new
allocates and initializes an empty
.Vt USERNOTICE
object, representing an ASN.1 UserNotice structure
defined in RFC 5280 section 4.2.1.4.
It can be used in
.Vt POLICYQUALINFO
and it can hold either an
.Vt ASN1_STRING
intended for display to the user or a pointer to a
.Vt NOTICEREF
object.
.Fn USERNOTICE_free
frees
.Fa usernotice .
.Pp
.Fn NOTICEREF_new
allocates and initializes an empty
.Vt NOTICEREF
object, representing an ASN.1 NoticeReference structure
defined in RFC 5280 section 4.2.1.4.
It can be used in
.Vt USERNOTICE
and can hold an organization name and a stack of notice numbers.
.Fn NOTICEREF_free
frees
.Fa noticeref .
.Pp
.Fn POLICY_MAPPING_new
allocates and initializes an empty
.Vt POLICY_MAPPING
object, representing an ASN.1 PolicyMappings structure
defined in RFC 5280 section 4.2.1.5.
It can be used in
.Vt X509
CA certificates and can hold a list of pairs of policy identifiers,
declaring one of the policies in each pair as equivalent to the
other.
.Fn POLICY_MAPPING_free
frees
.Fa pm .
.Pp
.Fn POLICY_CONSTRAINTS_new
allocates and initializes an empty
.Vt POLICY_CONSTRAINTS
object, representing an ASN.1 PolicyConstraints structure
defined in RFC 5280 section 4.2.1.11.
It can be used in
.Vt X509
CA certificates to restrict policy mapping and/or to require explicit
certificate policies in subsequent intermediate certificates in the
certification path.
.Fn POLICY_CONSTRAINTS_free
frees
.Fa pc .
.Sh RETURN VALUES
The constructor functions return a new object of the respective
type or
.Dv NULL
if an error occurs.
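.Sh EXAMPLES
The nesting that these objects represent, CertificatePolicies containing
PolicyInformation containing PolicyQualifierInfo, shown at the DER level
by a bounds-checked walker that counts entries and flags anyPolicy.
This is an added example, not code from the library or its authors, and it
does not call the functions documented here; the names enter, scan_policies
and sample are hypothetical and the sample bytes are constructed.

```c
/* Added illustration: enter() and scan_policies() are not library functions. */
#include <string.h>

/* Enter a DER TLV with the expected tag: return the content start and set
 * *cend to the content end; NULL if malformed.  Lengths above 255 rejected. */
static const unsigned char *enter(const unsigned char *p,
    const unsigned char *end, unsigned char tag, const unsigned char **cend)
{
	size_t len;
	if (end - p < 2 || *p++ != tag)
		return NULL;
	len = *p++;
	if (len == 0x81 && p < end && *p >= 0x80)
		len = *p++;		/* minimal one-byte long form */
	else if (len >= 0x80)
		return NULL;
	if ((size_t)(end - p) < len)
		return NULL;
	*cend = p + len;
	return p;
}

/* Return the number of PolicyInformation entries (-1 if malformed), count
 * PolicyQualifierInfo entries in *nqual, flag anyPolicy (2.5.29.32.0). */
int scan_policies(const unsigned char *der, size_t n, int *nqual, int *any)
{
	const unsigned char *p, *end, *pi, *q, *oid;
	int npol = *nqual = *any = 0;
	if ((p = enter(der, der + n, 0x30, &end)) == NULL || end != der + n)
		return -1;
	for (; p < end; p = pi, npol++) {
		if ((p = enter(p, end, 0x30, &pi)) == NULL ||	/* PolicyInformation */
		    (oid = enter(p, pi, 0x06, &p)) == NULL)	/* policyIdentifier */
			return -1;
		if (p - oid == 4 && memcmp(oid, "\x55\x1d\x20\x00", 4) == 0)
			*any = 1;
		if (p < pi && ((p = enter(p, pi, 0x30, &q)) == NULL || q != pi))
			return -1;				/* policyQualifiers */
		for (; p < pi; p = q, (*nqual)++)		/* PolicyQualifierInfo */
			if (enter(p, pi, 0x30, &q) == NULL)
				return -1;
	}
	return npol > 0 ? npol : -1;
}

/* Constructed sample: 2.23.140.1.2.1 with a CPS URI, then bare anyPolicy. */
static const unsigned char sample[] =
    "\x30\x37\x30\x2d\x06\x06\x67\x81\x0c\x01\x02\x01\x30\x23\x30\x21"
    "\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x01\x16\x15" "http://ca.example/cps"
    "\x30\x06\x06\x04\x55\x1d\x20\x00";
```

Pass sizeof(sample) - 1 as the length, because the string literal carries a
trailing NUL that is not part of the encoding.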
.Sh SEE ALSO
.Xr BASIC_CONSTRAINTS_new 3 ,
.Xr NAME_CONSTRAINTS_new 3 ,
.Xr X509_EXTENSION_new 3 ,
.Xr X509_new 3
.Sh STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile:
.Bl -dash -compact
.It
section 4.2.1.4: Certificate Policies
.It
section 4.2.1.5: Policy Mappings
.It
section 4.2.1.11: Policy Constraints
.El
.Sh BUGS
This is a lot of nested data structures, but most of them are
designed to have almost no effect.