3.11.17. TLS_PolicyOID

When a TLS peer presents a certificate, this optional parameter enables certificate policy checking and specifies one or more policy OIDs that must be present in the certificate path. It sets the 'require explicit policy' flag as defined in RFC 3280. Using this parameter requires Net-SSLeay 1.37 or later. This parameter can be used for additional certificate validity checks, for example with RadSec.
Here is an example of using TLS_PolicyOID:
# Require just one policy
TLS_PolicyOID 1.3.6.1.4.1.9048.33.2
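
Before requiring a policy OID, it helps to confirm which peer certificates would pass. The script below is an added example, not part of the Radiator documentation or code: it uses `openssl verify` with explicit policy required as a stand-in for the check, and the throwaway CA, leaf certificates, function names and the OID 2.999.1 are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: the PKI and all names below are constructed for this demonstration.
REQUIRED_OID=1.3.6.1.4.1.9048.33.2   # OID from the TLS_PolicyOID example above
OTHER_OID=2.999.1                    # constructed OID that no test certificate carries

# Build a throwaway CA and two leaf certificates in directory $1:
# with.pem asserts REQUIRED_OID in certificatePolicies, without.pem has no policies.
make_test_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    printf 'certificatePolicies=%s\n' "$REQUIRED_OID" > "$d/with.ext"
    for leaf in with without; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$leaf-policy.example" \
            -keyout "$d/$leaf.key" -out "$d/$leaf.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/with.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/with.ext" -out "$d/with.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/without.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/without.pem" 2>/dev/null
}

# Return 0 only if certificate $2 chains to CA file $1 and the path is valid
# for policy OID $3 with 'require explicit policy' set.
path_has_policy() {
    openssl verify -CAfile "$1" -policy_check -explicit_policy -policy "$3" "$2" \
        >/dev/null 2>&1
}

# Print the outcome for certificate file name $1 and policy OID $2.
report() {
    if path_has_policy "$PKI/ca.pem" "$PKI/$1" "$2"; then r=accepted; else r=rejected; fi
    echo "$1 with required policy $2: $r"
}

PKI=$(mktemp -d) || exit 1
trap 'rm -rf "$PKI"' EXIT
make_test_pki "$PKI" || { echo "openssl setup failed" >&2; exit 1; }

report with.pem "$REQUIRED_OID"      # certificate carries the required policy
report without.pem "$REQUIRED_OID"   # valid signature, but no policy extension
report with.pem "$OTHER_OID"         # carries a policy, but not the required one
```

To test real peers, point `path_has_policy` at the CA file and peer certificate actually in use instead of the constructed ones.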