Sortix cisortix manual
This manual documents Sortix cisortix. You can instead view this document in the latest official manual.
NAME
X509_policy_check, X509_policy_tree_free — construct X.509 valid policy treeSYNOPSIS
#include <openssl/x509_vfy.h>X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, STACK_OF(X509) *certs, STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
X509_policy_tree_free(X509_POLICY_TREE *tree);
DESCRIPTION
X509_policy_check() performs those parts of Basic Certification Path Validation described in RFC 5280 section 6.1 that are related to the construction of the valid policy tree.- X509_V_FLAG_EXPLICIT_POLICY
- Set initial-explicit-policy as defined by RFC 5280 paragraph 6.1.1(f). It requires the path to be valid for at least one of the policy_oids.
- X509_V_FLAG_INHIBIT_ANY
- Set initial-any-policy-inhibit as defined by RFC 5280 paragraph 6.1.1(g). It causes the anyPolicy OID to be skipped if it is encountered in a certificate.
- X509_V_FLAG_INHIBIT_MAP
- Set initial-policy-mapping-inhibit as defined by RFC 5280 paragraph 6.1.1(e). It disables policy mapping in the certification path.
RETURN VALUES
X509_policy_check() returns these values:- -2
- Validation failed because X509_V_FLAG_EXPLICIT_POLICY was requested but the resulting policy tree or the resulting user policy set would have been empty. In this case, *pexplicit_policy is set to 1. If the resulting tree is empty, *ptree is set to NULL; otherwise, it is set to the resulting tree.
- -1
- At least one of the certs contains invalid or inconsistent extensions. *ptree is set to NULL and *pexplicit_policy to 0.
- 0
- Internal error. For example, setting up the policy caches failed, or memory allocation failed while constructing the tree. *ptree is set to NULL and *pexplicit_policy may or may not be set.
- 1
- Validation succeeded and *ptree and *pexplicit_policy have been set. In the special cases that the certs argument contains exactly one certificate or that X509_V_FLAG_EXPLICIT_POLICY was not requested and at least one of the certificates contains no certificate policies or the resulting policy tree would have been empty, *ptree is set to NULL and *pexplicit_policy to 0.