xref: /openbsd-src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 (revision ae3cb403620ab940fbaabb3055fac045a63d56b7) 
1.\"	$OpenBSD: BASIC_CONSTRAINTS_new.3,v 1.2 2016/12/25 22:15:10 schwarze Exp $
2.\"
3.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\"
17.Dd $Mdocdate: December 25 2016 $
18.Dt BASIC_CONSTRAINTS_NEW 3
19.Os
20.Sh NAME
21.Nm BASIC_CONSTRAINTS_new ,
22.Nm BASIC_CONSTRAINTS_free
23.Nd X.509 extension to mark CA certificates
24.Sh SYNOPSIS
25.In openssl/x509v3.h
26.Ft BASIC_CONSTRAINTS *
27.Fn BASIC_CONSTRAINTS_new void
28.Ft void
29.Fn BASIC_CONSTRAINTS_free "BASIC_CONSTRAINTS *bc"
30.Sh DESCRIPTION
31.Fn BASIC_CONSTRAINTS_new
32allocates and initializes an empty
33.Vt BASIC_CONSTRAINTS
34object, representing an ASN.1
35.Vt BasicConstraints
36structure defined in RFC 5280 section 4.2.1.9.
37.Pp
38This object contains two fields.
39The field
40.Fa "int ca"
41is non-zero if the certificate is a CA certificate.
42The field
43.Fa "ASN1_INTEGER *pathlen"
44specifies the maximum number of non-self-issued intermediate
45certificates that may follow this certificate in a valid
46certification path.
47.Pp
48If an X.509 version 3 certificate does not contain this extension
49or if the
50.Fa ca
51field of the
52.Vt BASIC_CONSTRAINTS
53object is 0, or if the certificate contains a key usage extension
54having the
55.Dv KU_KEY_CERT_SIGN
56bit unset, then it is not a CA certificate but an end entity
57certificate.
58.Pp
59.Fn BASIC_CONSTRAINTS_free
60frees
61.Fa bc .
62.Sh RETURN VALUES
63.Fn BASIC_CONSTRAINTS_new
64returns the new
65.Vt BASIC_CONSTRAINTS
66object or
67.Dv NULL
68if an error occurs.
69.Sh SEE ALSO
70.Xr X509_EXTENSION_new 3 ,
71.Xr X509_new 3
72.Sh STANDARDS
73RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
74Certificate Revocation List (CRL) Profile:
75.Bl -dash -compact
76.It
77section 4.2.1.9: Basic Constraints
78.It
79section 6.1: Basic Path Validation
80.El
81