GPGSM: Add support for cert extension 2.5.29.54 Inhibit anyPolicy
Open, NormalPublic
Actions

Assigned To

None

Authored By

	aheinecke
	Aug 22 2023, 3:14 PM

Description

Specified in 4.2.1.14 in [RFC 5280]:

4.2.1.14.  Inhibit anyPolicy

   The inhibit anyPolicy extension can be used in certificates issued to
   CAs.  The inhibit anyPolicy extension indicates that the special
   anyPolicy OID, with the value { 2 5 29 32 0 }, is not considered an
   explicit match for other certificate policies except when it appears
   in an intermediate self-issued CA certificate.  The value indicates
   the number of additional non-self-issued certificates that may appear
   in the path before anyPolicy is no longer permitted.  For example, a
   value of one indicates that anyPolicy may be processed in
   certificates issued by the subject of this certificate, but not in
   additional certificates in the path.

   Conforming CAs MUST mark this extension as critical.

   id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }

   InhibitAnyPolicy ::= SkipCerts

   SkipCerts ::= INTEGER (0..MAX)

Related Objects

Mentioned In: T6770: Add --ignore-cert-extensions to dirmngr

Event Timeline

aheinecke triaged this task as Normal priority.Aug 22 2023, 3:14 PM

aheinecke created this task.

aheinecke mentioned this in T6770: Add --ignore-cert-extensions to dirmngr.Oct 20 2023, 2:57 PM

• werner added a project: gnupg24.Feb 27 2024, 3:55 PM

GPGSM: Add support for cert extension 2.5.29.54 Inhibit anyPolicyOpen, NormalPublicActions

Description

Related Objects

Event Timeline

GPGSM: Add support for cert extension 2.5.29.54 Inhibit anyPolicy
Open, NormalPublic
Actions