feat: add acceptablePrivilegePolicies and acceptableCertPolicies exts

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24663)

crypto/x509/ext_dat.h

@@ -36,3 +36,5 @@ extern const X509V3_EXT_METHOD ossl_v3_holder_name_constraints;
 extern const X509V3_EXT_METHOD ossl_v3_delegated_name_constraints;
 extern const X509V3_EXT_METHOD ossl_v3_subj_dir_attrs;
 extern const X509V3_EXT_METHOD ossl_v3_associated_info;
+extern const X509V3_EXT_METHOD ossl_v3_acc_cert_policies;
+extern const X509V3_EXT_METHOD ossl_v3_acc_priv_policies;

crypto/x509/standard_exts.h

@@ -77,6 +77,8 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
     &ossl_v3_ext_admission,
     &ossl_v3_delegated_name_constraints,
     &ossl_v3_soa_identifier,
+    &ossl_v3_acc_cert_policies,
+    &ossl_v3_acc_priv_policies,
     &ossl_v3_indirect_issuer,
     &ossl_v3_no_assertion,
     &ossl_v3_single_use,

crypto/x509/v3_extku.c

@@ -44,6 +44,30 @@ const X509V3_EXT_METHOD ossl_v3_ocsp_accresp = {
     NULL
 };
 
+/* Acceptable Certificate Policies also is a SEQUENCE OF OBJECT */
+const X509V3_EXT_METHOD ossl_v3_acc_cert_policies = {
+    NID_acceptable_cert_policies, 0,
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_EXTENDED_KEY_USAGE,
+    v2i_EXTENDED_KEY_USAGE,
+    0, 0,
+    NULL
+};
+
+/* Acceptable Privilege Policies also is a SEQUENCE OF OBJECT */
+const X509V3_EXT_METHOD ossl_v3_acc_priv_policies = {
+    NID_acceptable_privilege_policies, 0,
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_EXTENDED_KEY_USAGE,
+    v2i_EXTENDED_KEY_USAGE,
+    0, 0,
+    NULL
+};
+
 ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
         ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
 ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)