1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
|
.\" $OpenBSD: X509_policy_tree_level_count.3,v 1.4 2021/11/11 12:06:25 schwarze Exp $
.\"
.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: November 11 2021 $
.Dt X509_POLICY_TREE_LEVEL_COUNT 3
.Os
.Sh NAME
.Nm X509_policy_tree_level_count ,
.Nm X509_policy_tree_get0_level ,
.Nm X509_policy_level_node_count ,
.Nm X509_policy_level_get0_node ,
.Nm X509_policy_node_get0_policy ,
.Nm X509_policy_node_get0_qualifiers ,
.Nm X509_policy_node_get0_parent
.Nd inspect X.509 policy tree objects
.Sh SYNOPSIS
.In openssl/x509_vfy.h
.Ft int
.Fn X509_policy_tree_level_count "const X509_POLICY_TREE *tree"
.Ft X509_POLICY_LEVEL *
.Fn X509_policy_tree_get0_level "const X509_POLICY_TREE *tree" "int index"
.Ft int
.Fn X509_policy_level_node_count "X509_POLICY_LEVEL *level"
.Ft X509_POLICY_NODE *
.Fn X509_policy_level_get0_node "X509_POLICY_LEVEL *level" "int index"
.Ft const ASN1_OBJECT *
.Fn X509_policy_node_get0_policy "const X509_POLICY_NODE *node"
.Ft STACK_OF(POLICYQUALINFO) *
.Fn X509_policy_node_get0_qualifiers "const X509_POLICY_NODE *node"
.Ft const X509_POLICY_NODE *
.Fn X509_policy_node_get0_parent "const X509_POLICY_NODE *node"
.Sh DESCRIPTION
The
.Vt X509_POLICY_TREE
object represents a
.Vt valid_policy_tree
as described in RFC 5280 section 6.1.
.Pp
The
.Vt X509_POLICY_LEVEL
object represents one level of such a tree,
corresponding to one certificate.
.Pp
The
.Vt X509_POLICY_NODE
object represents one node in the tree.
.Sh RETURN VALUES
.Fn X509_policy_tree_level_count
returns the number of levels in the
.Fa tree
or 0 if the
.Fa tree
argument is
.Dv NULL .
If it is not 0, it equals the number of certificates in the
certification path the tree was created from, including both
the target certificate and the trust anchor.
.Pp
.Fn X509_policy_tree_get0_level
returns an internal pointer to the level of the
.Fa tree
with the given
.Fa index
or
.Dv NULL
if the
.Fa tree
argument is
.Dv NULL
or the
.Fa index
is less than 0 or greater than or equal to the number of levels in the
.Fa tree .
An
.Fa index
of 0 corresponds to the trust anchor
and the last level corresponds to the target certificate.
.Pp
.Fn X509_policy_level_node_count
returns the number of nodes on the
.Fa level ,
including an
.Sy anyPolicy
node if it is present, or 0 if the
.Fa level
argument is
.Dv NULL .
.Pp
.Fn X509_policy_level_get0_node
returns an internal pointer to the node on the
.Fa level
with the given
.Fa index
or
.Dv NULL
if the
.Fa level
argument is
.Dv NULL
or the
.Fa index
is less than 0 or greater than or equal to the number of nodes on the level.
If an
.Sy anyPolicy
node is present on the level, it can be retrieved by passing an
.Fa index
of 0.
.Pp
.Fn X509_policy_node_get0_policy
returns an internal pointer to the
.Fa valid_policy
child object of the node or
.Dv NULL
if the
.Fa node
argument is
.Dv NULL .
It represents a single policy that is valid for the path
from the trust anchor to the certificate corresponding
to the level containing the
.Fa node .
.Pp
.Fn X509_policy_node_get0_qualifiers
returns an internal pointer to the
.Fa qualifier_set
child object of the node or
.Dv NULL
if the
.Fa node
argument is
.Dv NULL .
It contains the policy qualifiers associated with the
.Fa valid_policy
of the
.Fa node
in the certificate corresponding to the level containing the
.Fa node .
.Pp
.Fn X509_policy_node_get0_parent
returns
.Dv NULL
if the
.Fa node
argument is
.Dv NULL
or located on level 0.
Otherwise, it returns an an internal pointer to the parent node of the
.Fa node
argument.
The parent node is always located on the previous level.
.Sh SEE ALSO
.Xr ASN1_OBJECT_new 3 ,
.Xr OBJ_obj2txt 3 ,
.Xr POLICYQUALINFO_new 3 ,
.Xr STACK_OF 3 ,
.Xr X509_new 3 ,
.Xr X509_policy_check 3 ,
.Xr X509_policy_tree_get0_policies 3
.Sh STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate
and Certificate Revocation List (CRL) Profile,
section 6.1: Basic Path Validation
.Sh HISTORY
These function first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .
|
