.\" $OpenBSD: PROXY_POLICY_new.3,v 1.6 2021/10/27 11:24:47 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .Dd $Mdocdate: October 27 2021 $ .Dt PROXY_POLICY_NEW 3 .Os .Sh NAME .Nm PROXY_POLICY_new , .Nm PROXY_POLICY_free , .Nm PROXY_CERT_INFO_EXTENSION_new , .Nm PROXY_CERT_INFO_EXTENSION_free .Nd X.509 proxy certificate extension .Sh SYNOPSIS .In openssl/x509v3.h .Ft PROXY_POLICY * .Fn PROXY_POLICY_new void .Ft void .Fn PROXY_POLICY_free "PROXY_POLICY *pp" .Ft PROXY_CERT_INFO_EXTENSION * .Fn PROXY_CERT_INFO_EXTENSION_new void .Ft void .Fn PROXY_CERT_INFO_EXTENSION_free "PROXY_CERT_INFO_EXTENSION *pcie" .Sh DESCRIPTION If a given non-CA certificate grants any privileges, using that certificate to issue a proxy certificate and handing that proxy certificate over to another person, organization, or service allows the bearer of the proxy certificate to exercise some or all of the privileges on behalf of the subject of the original certificate. .Pp .Fn PROXY_POLICY_new allocates and initializes an empty .Vt PROXY_POLICY object, representing an ASN.1 .Vt ProxyPolicy structure defined in RFC 3820 section 3.8. It defines which privileges are to be delegated. .Fn PROXY_POLICY_free frees .Fa pp . .Pp .Fn PROXY_CERT_INFO_EXTENSION_new allocates and initializes an empty .Vt PROXY_CERT_INFO_EXTENSION object, representing an ASN.1 .Vt ProxyCertInfo structure defined in RFC 3820 section 3.8. It can contain a .Vt PROXY_POLICY object, and it can additionally restrict the maximum depth of the path of proxy certificates that can be signed by this proxy certificate. .Fn PROXY_CERT_INFO_EXTENSION_free frees .Fa pcie . .Pp If a non-CA certificate contains a .Vt PROXY_CERT_INFO_EXTENSION , it is a proxy certificate; otherwise, it is an end entity certificate. .Sh RETURN VALUES .Fn PROXY_POLICY_new and .Fn PROXY_CERT_INFO_EXTENSION_new return the new .Vt PROXY_POLICY or .Vt PROXY_CERT_INFO_EXTENSION object, respectively, or .Dv NULL if an error occurs. .Sh SEE ALSO .Xr BASIC_CONSTRAINTS_new 3 , .Xr d2i_PROXY_POLICY 3 , .Xr EXTENDED_KEY_USAGE_new 3 , .Xr POLICYINFO_new 3 , .Xr X509_EXTENSION_new 3 , .Xr X509_get_extension_flags 3 , .Xr X509_new 3 .Sh STANDARDS RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile .Sh HISTORY These functions first appeared in OpenSSL 0.9.7g and have been available since .Ox 3.8 .