EXTENDED_KEY_USAGE_NEW(3)  Library Functions Manual  EXTENDED_KEY_USAGE_NEW(3)

NAME
     EXTENDED_KEY_USAGE_new, EXTENDED_KEY_USAGE_free - X.509 key usage
     restrictions

SYNOPSIS
     #include <openssl/x509v3.h>

     EXTENDED_KEY_USAGE
     EXTENDED_KEY_USAGE_new(void);

     void
     EXTENDED_KEY_USAGE_free(EXTENDED_KEY_USAGE *eku);

DESCRIPTION
     By using the key usage extension, the extended key usage extension, or
     both of them, X509 end entity certificates may indicate that the key
     contained in them is only intended to be used for the specified purposes.
     If both extensions are present, only uses compatible with both extensions
     are intended.

     EXTENDED_KEY_USAGE_new() allocates and initializes an empty
     EXTENDED_KEY_USAGE object, which is a STACK_OF(ASN1_OBJECT) and
     represents an ASN.1 ExtKeyUsageSyntax structure defined in RFC 5280
     section 4.2.1.12.  It can hold key purpose identifiers.

     EXTENDED_KEY_USAGE_free() frees eku.

     The key usage extension uses the ASN.1 BIT STRING data type and doesn't
     require any dedicated object.

RETURN VALUES
     EXTENDED_KEY_USAGE_new() returns the new EXTENDED_KEY_USAGE object or
     NULL if an error occurs.

SEE ALSO
     BASIC_CONSTRAINTS_new(3), d2i_EXTENDED_KEY_USAGE(3), POLICYINFO_new(3),
     X509_check_purpose(3), X509_EXTENSION_new(3),
     X509_get_extension_flags(3), X509_new(3)

STANDARDS
     RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
     Certificate Revocation List (CRL) Profile:
     -   section 4.2.1.3: Key Usage
     -   section 4.2.1.12: Extended Key Usage

HISTORY
     EXTENDED_KEY_USAGE_new() and EXTENDED_KEY_USAGE_free() first appeared in
     OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

Linux 6.8.7-arch1-1            October 27, 2021            Linux 6.8.7-arch1-1