pkc_constraints.class(3sec) — Subroutines
NAME
pkc_constraints.class — A class that expresses constraints on names
Member Data
Public
•unsigned path_length
The maximum path length that can be certified by the key (if the entity can act as a certifying authority). 0xffffu means “unlimited”.
•pkc_name_subord_constraints_t subord_constraints
•pkc_name_subtree_constraints_t subtree_constraints
Member Functions
Public
•pkc_constraints_t & operator = (const pkc_constraints_t & o)
•pkc_constraints_t(void)
•unsigned32 constrain()
Adds the specified constraints. Takes the following argument:
•const pkc_constraints_t & o
•char is_permitted() const
Takes the following arguments:
•const x500name & ca_name
•const x500name & subject_name
•void get_next_link_constraint() const
Generates a new name constraint that will be applicable to a certificate issued by the subject of this constraint. Takes the following argument:
•pkc_constraints_t ∗∗ new_constraints
Description
pkc_constraints_t is a class that expresses constraints on the names that can be certified by a given key. Three types of constraint can be checked: total path length, name subordination, and subtree constraints.
The certificate manipulation routines are a C++ interface. C++ must be used to perform direct certificate manipulation.
Related Information
Classes: pkc_ca_key_usage.class(3sec), pkc_generic_key_usage.class(3sec), pkc_key_policies.class(3sec), pkc_key_policy.class(3sec), pkc_key_usage.class(3sec), pkc_name_subord_constraint.class(3sec), pkc_name_subord_constraints.class(3sec), pkc_name_subtree_constraint.class(3sec), pkc_name_subtree_constraints.class(3sec), pkc_pending_revocation.class(3sec), pkc_revocation.class(3sec), pkc_revocation_list.class(3sec), pkc_trust_list.class(3sec), pkc_trust_list_element.class(3sec), pkc_trusted_key.class(3sec).