1*5bcdf354Sschwarze.\" $OpenBSD: BASIC_CONSTRAINTS_new.3,v 1.6 2021/10/27 11:24:47 schwarze Exp $ 2e4e67a22Sschwarze.\" 3e4e67a22Sschwarze.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org> 4e4e67a22Sschwarze.\" 5e4e67a22Sschwarze.\" Permission to use, copy, modify, and distribute this software for any 6e4e67a22Sschwarze.\" purpose with or without fee is hereby granted, provided that the above 7e4e67a22Sschwarze.\" copyright notice and this permission notice appear in all copies. 8e4e67a22Sschwarze.\" 9e4e67a22Sschwarze.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10e4e67a22Sschwarze.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11e4e67a22Sschwarze.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12e4e67a22Sschwarze.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13e4e67a22Sschwarze.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14e4e67a22Sschwarze.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15e4e67a22Sschwarze.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16e4e67a22Sschwarze.\" 17*5bcdf354Sschwarze.Dd $Mdocdate: October 27 2021 $ 18e4e67a22Sschwarze.Dt BASIC_CONSTRAINTS_NEW 3 19e4e67a22Sschwarze.Os 20e4e67a22Sschwarze.Sh NAME 21e4e67a22Sschwarze.Nm BASIC_CONSTRAINTS_new , 22e4e67a22Sschwarze.Nm BASIC_CONSTRAINTS_free 23e4e67a22Sschwarze.Nd X.509 extension to mark CA certificates 24e4e67a22Sschwarze.Sh SYNOPSIS 25e4e67a22Sschwarze.In openssl/x509v3.h 26e4e67a22Sschwarze.Ft BASIC_CONSTRAINTS * 27e4e67a22Sschwarze.Fn BASIC_CONSTRAINTS_new void 28e4e67a22Sschwarze.Ft void 29e4e67a22Sschwarze.Fn BASIC_CONSTRAINTS_free "BASIC_CONSTRAINTS *bc" 30e4e67a22Sschwarze.Sh DESCRIPTION 31e4e67a22Sschwarze.Fn BASIC_CONSTRAINTS_new 32e4e67a22Sschwarzeallocates and initializes an empty 33e4e67a22Sschwarze.Vt BASIC_CONSTRAINTS 3456bc162bSschwarzeobject, representing an ASN.1 3556bc162bSschwarze.Vt BasicConstraints 3656bc162bSschwarzestructure defined in RFC 5280 section 4.2.1.9. 37e4e67a22Sschwarze.Pp 38e4e67a22SschwarzeThis object contains two fields. 39e4e67a22SschwarzeThe field 40e4e67a22Sschwarze.Fa "int ca" 41e4e67a22Sschwarzeis non-zero if the certificate is a CA certificate. 42e4e67a22SschwarzeThe field 43e4e67a22Sschwarze.Fa "ASN1_INTEGER *pathlen" 44e4e67a22Sschwarzespecifies the maximum number of non-self-issued intermediate 45e4e67a22Sschwarzecertificates that may follow this certificate in a valid 46e4e67a22Sschwarzecertification path. 47e4e67a22Sschwarze.Pp 48e4e67a22SschwarzeIf an X.509 version 3 certificate does not contain this extension 49e4e67a22Sschwarzeor if the 50e4e67a22Sschwarze.Fa ca 51e4e67a22Sschwarzefield of the 52e4e67a22Sschwarze.Vt BASIC_CONSTRAINTS 53e4e67a22Sschwarzeobject is 0, or if the certificate contains a key usage extension 54e4e67a22Sschwarzehaving the 55e4e67a22Sschwarze.Dv KU_KEY_CERT_SIGN 56e4e67a22Sschwarzebit unset, then it is not a CA certificate but an end entity 57e4e67a22Sschwarzecertificate. 58e4e67a22Sschwarze.Pp 59e4e67a22Sschwarze.Fn BASIC_CONSTRAINTS_free 60e4e67a22Sschwarzefrees 61e4e67a22Sschwarze.Fa bc . 62e4e67a22Sschwarze.Sh RETURN VALUES 63e4e67a22Sschwarze.Fn BASIC_CONSTRAINTS_new 64e4e67a22Sschwarzereturns the new 65e4e67a22Sschwarze.Vt BASIC_CONSTRAINTS 66e4e67a22Sschwarzeobject or 67e4e67a22Sschwarze.Dv NULL 68e4e67a22Sschwarzeif an error occurs. 69e4e67a22Sschwarze.Sh SEE ALSO 70c4c55c71Sschwarze.Xr d2i_BASIC_CONSTRAINTS 3 , 71cbd4470fSschwarze.Xr X509_check_purpose 3 , 72e4e67a22Sschwarze.Xr X509_EXTENSION_new 3 , 73*5bcdf354Sschwarze.Xr X509_get_extension_flags 3 , 74e4e67a22Sschwarze.Xr X509_new 3 75e4e67a22Sschwarze.Sh STANDARDS 76e4e67a22SschwarzeRFC 5280: Internet X.509 Public Key Infrastructure Certificate and 77e4e67a22SschwarzeCertificate Revocation List (CRL) Profile: 78e4e67a22Sschwarze.Bl -dash -compact 79e4e67a22Sschwarze.It 80e4e67a22Sschwarzesection 4.2.1.9: Basic Constraints 81e4e67a22Sschwarze.It 82e4e67a22Sschwarzesection 6.1: Basic Path Validation 83e4e67a22Sschwarze.El 8462a6a299Sschwarze.Sh HISTORY 8562a6a299Sschwarze.Fn BASIC_CONSTRAINTS_new 8662a6a299Sschwarzeand 8762a6a299Sschwarze.Fn BASIC_CONSTRAINTS_free 8862a6a299Sschwarzefirst appeared in OpenSSL 0.9.2b and have been available since 8962a6a299Sschwarze.Ox 2.6 . 90