X509_CHECK_PURPOSE
Section: OpenSSL (3SSL)
Updated: 2024-03-03
Index
Return to Main Contents
NAME
X509_check_purpose - Check the purpose of a certificate
SYNOPSIS
#include <openssl/x509v3.h>
int X509_check_purpose(X509 *x, int id, int ca);
DESCRIPTION
This function checks if certificate x was created with the purpose
represented by id. If ca is nonzero, then certificate x is
checked to determine if it's a possible CA with various levels of certainty
possibly returned. The certificate x must be a complete certificate
otherwise the function returns an error.
Below are the potential ID's that can be checked:
# define X509_PURPOSE_SSL_CLIENT 1
# define X509_PURPOSE_SSL_SERVER 2
# define X509_PURPOSE_NS_SSL_SERVER 3
# define X509_PURPOSE_SMIME_SIGN 4
# define X509_PURPOSE_SMIME_ENCRYPT 5
# define X509_PURPOSE_CRL_SIGN 6
# define X509_PURPOSE_ANY 7
# define X509_PURPOSE_OCSP_HELPER 8
# define X509_PURPOSE_TIMESTAMP_SIGN 9
The checks performed take into account the X.509 extensions
keyUsage, extendedKeyUsage, and basicConstraints.
RETURN VALUES
For non-CA checks
- -1 an error condition has occurred
-
- 1 if the certificate was created to perform the purpose represented by id
-
- 0 if the certificate was not created to perform the purpose represented by id
-
For CA checks the below integers could be returned with the following meanings:
- -1 an error condition has occurred
-
- 0 not a CA or does not have the purpose represented by id
-
- 1 is a CA.
-
- 2 Only possible in old versions of openSSL when basicConstraints are absent. New versions will not return this value. May be a CA
-
- 3 basicConstraints absent but self signed V1.
-
- 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
-
- 5 legacy Netscape specific CA Flags present
-
COPYRIGHT
Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the ``License''). You may not use this
file except in compliance with the License. You can obtain a copy in the file
LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- RETURN VALUES
-
- COPYRIGHT
-
This document was created by
man2html,
using the manual pages.
Time: 11:37:59 GMT, April 27, 2024