TElPolicyConstraintsExtension is a descendant of the TElCustomExtension class.
Description
The following text is taken from RFC 2459 (Housley et al.), part 4.2.1.12:
«The policy constraints extension can be used in certificates issued
to CAs. The policy constraints extension constrains path validation
in two ways. It can be used to prohibit policy mapping or require
that each certificate in a path contain an acceptable policy
identifier.

If the inhibitPolicyMapping field is present, the value indicates the
number of additional certificates that may appear in the path before
policy mapping is no longer permitted. For example, a value of one
indicates that policy mapping may be processed in certificates issued
by the subject of this certificate, but not in additional
certificates in the path.

If the requireExplicitPolicy field is present, subsequent
certificates shall include an acceptable policy identifier. The value
of requireExplicitPolicy indicates the number of additional
certificates that may appear in the path before an explicit policy is
required. An acceptable policy identifier is the identifier of a
policy required by the user of the certification path or the
identifier of a policy which has been declared equivalent through
policy mapping.

Conforming CAs MUST NOT issue certificates where policy constraints
is a null sequence. That is, at least one of the inhibitPolicyMapping
field or the requireExplicitPolicy field MUST be present. The
behavior of clients that encounter a null policy constraints field is
not addressed in this profile.

This extension may be critical or non-critical.»
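
The encoding rules quoted above, as an added Python example that is not part of the SecureBlackbox documentation or API: it decodes the DER value of a policy constraints extension and rejects the null sequence. The context tags [0] and [1] come from the RFC's ASN.1 definition; the function names and sample bytes are constructed for illustration.

```python
# Added example: small decoder for the PolicyConstraints extension value.
# ASN.1 (RFC 2459, 4.2.1.12), implicit tags:
#   PolicyConstraints ::= SEQUENCE {
#       requireExplicitPolicy [0] SkipCerts OPTIONAL,
#       inhibitPolicyMapping  [1] SkipCerts OPTIONAL }

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one TLV; lengths up to 2 octets."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_policy_constraints(der):
    """Decode the extension value; None means the field is absent."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    if not body:
        # The case the RFC says conforming CAs MUST NOT issue.
        raise ValueError("null PolicyConstraints: at least one field MUST be present")
    fields = {0x80: "requireExplicitPolicy", 0x81: "inhibitPolicyMapping"}
    result = {"requireExplicitPolicy": None, "inhibitPolicyMapping": None}
    pos, last_tag = 0, 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag not in fields or tag <= last_tag:
            raise ValueError("unexpected, repeated or out-of-order field")
        if not value or value[0] & 0x80:
            raise ValueError("SkipCerts must be a non-negative INTEGER")
        result[fields[tag]] = int.from_bytes(value, "big")
        last_tag = tag
    return result

# Constructed sample values (not taken from any real certificate).
BOTH = bytes.fromhex("3006800100810101")    # requireExplicitPolicy=0, inhibitPolicyMapping=1
ONLY_INHIBIT = bytes.fromhex("3003810102")  # inhibitPolicyMapping=2
NULL_SEQUENCE = bytes.fromhex("3000")       # empty SEQUENCE, forbidden by the text above
```

Because the RFC leaves client behavior for a null sequence undefined, this example treats it as a parse error rather than as "no constraints".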
Inherited from TElCustomExtension .NET: