NAME_CONSTRAINTS_NEW(3) Library Functions Manual NAME_CONSTRAINTS_NEW(3) NAME NAME_CONSTRAINTS_new, NAME_CONSTRAINTS_free, GENERAL_SUBTREE_new, GENERAL_SUBTREE_free - X.509 CA name constraints extension SYNOPSIS #include NAME_CONSTRAINTS * NAME_CONSTRAINTS_new(void); void NAME_CONSTRAINTS_free(NAME_CONSTRAINTS *names); GENERAL_SUBTREE * GENERAL_SUBTREE_new(void); void GENERAL_SUBTREE_free(GENERAL_SUBTREE *name); DESCRIPTION X.509 CA certificates can use the name constraints extension to restrict the subject names of subsequent certificates in a certification path. NAME_CONSTRAINTS_new() allocates and initializes an empty NAME_CONSTRAINTS object, representing an ASN.1 NameConstraints structure defined in RFC 5280 section 4.2.1.10. It consists of two STACK_OF(GENERAL_SUBTREE) objects, one specifying permitted names, the other excluded names. NAME_CONSTRAINTS_free() frees names. GENERAL_SUBTREE_new() allocates and initializes an empty GENERAL_SUBTREE object, representing an ASN.1 GeneralSubtree structure defined in RFC 5280 section 4.2.1.10. It is a trivial wrapper around the GENERAL_NAME object documented in GENERAL_NAME_new(3). The standard requires the other fields of GENERAL_SUBTREE to be ignored. GENERAL_SUBTREE_free() frees name. RETURN VALUES NAME_CONSTRAINTS_new() and GENERAL_SUBTREE_new() return the new NAME_CONSTRAINTS or GENERAL_SUBTREE object, respectively, or NULL if an error occurs. SEE ALSO BASIC_CONSTRAINTS_new(3), GENERAL_NAMES_new(3), X509_EXTENSION_new(3), X509_new(3) STANDARDS RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, section 4.2.1.10: Name Constraints HISTORY NAME_CONSTRAINTS_new(), NAME_CONSTRAINTS_free(), GENERAL_SUBTREE_new(), and GENERAL_SUBTREE_free() first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5. Linux 6.8.2-arch2-1 September 17, 2020 Linux 6.8.2-arch2-1