pkc_constraints.class(3sec)

Member Data

Public

· unsigned path_length
The maximum path length that can be certified by the key (if the entity can act as a certifying authority). 0xffffu means "unlimited''.

· pkc_name_subord_constraints_t subord_constraints

· pkc_name_subtree_constraints_t subtree_constraints

Member Functions

Public

· pkc_constraints_t & operator = (const pkc_constraints_t & o)

· pkc_constraints_t(void)

· unsigned32 constrain(~)
Adds the specified constraints. Takes the following argument:

- const pkc_constraints_t & o

· char is_permitted( ) const
Takes the following arguments:

- const x500name & ca_name

- const x500name & subject_name

· void get_next_link_constraint( ) const
Generates a new name constraint that will be applicable to a certificate issued by the subject of this constraint. Takes the following argument:

- pkc_constraints_t ** new_constraints

Description

pkc_constraints_t is a class that expresses constraints on the names that can be certified by a given key. Three types of constraint can be checked: total path length, name subordination, and subtree constraints.

The certificate manipulation routines are a C++ interface. C++ must be used to perform direct certificate manipulation.

Related Information

Classes:
pkc_ca_key_usage.class(3sec)
pkc_generic_key_usage.class(3sec)
pkc_key_policies.class(3sec)
pkc_key_policy.class(3sec)
pkc_key_usage.class(3sec)
pkc_name_subord_constraint.class(3sec)
pkc_name_subord_constraints.class(3sec)
pkc_name_subtree_constraint.class(3sec)
pkc_name_subtree_constraints.class(3sec)
pkc_pending_revocation.class(3sec)
pkc_revocation.class(3sec)
pkc_revocation_list.class(3sec)
pkc_trust_list.class(3sec)
pkc_trust_list_element.class(3sec)
pkc_trusted_key.class(3sec)