Trang chủ Khám phá Trợ giúp
Đăng nhập
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Các tập tin Các vấn đề 1 Wiki
Tree: 606e0426a1
Branches Tags
openssl
/
doc
/
man3
/
X509_check_purpose.pod

X509_check_purpose.pod 2.3 KB
Lịch sử Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. X509_check_purpose - Check the purpose of a certificate
    6. 

  6. 

  7. =head1 SYNOPSIS
    8. 

  8. 

  9.  #include <openssl/x509v3.h>
    10. 

  10. 

  11.  int X509_check_purpose(X509 *x, int id, int ca);
    12. 

  12. 

  13. =head1 DESCRIPTION
    14. 

  14. 

  15. This function checks if certificate I<x> was created with the purpose
    16. 

  16. represented by I<id>. If I<ca> is nonzero, then certificate I<x> is
    17. 

  17. checked to determine if it's a possible CA with various levels of certainty
    18. 

  18. possibly returned. The certificate I<x> must be a complete certificate
    19. 

  19. otherwise the function returns an error.
    20. 

  20. 

  21. Below are the potential ID's that can be checked:
    22. 

  22. 

  23.  # define X509_PURPOSE_SSL_CLIENT        1
    24. 

  24.  # define X509_PURPOSE_SSL_SERVER        2
    25. 

  25.  # define X509_PURPOSE_NS_SSL_SERVER     3
    26. 

  26.  # define X509_PURPOSE_SMIME_SIGN        4
    27. 

  27.  # define X509_PURPOSE_SMIME_ENCRYPT     5
    28. 

  28.  # define X509_PURPOSE_CRL_SIGN          6
    29. 

  29.  # define X509_PURPOSE_ANY               7
    30. 

  30.  # define X509_PURPOSE_OCSP_HELPER       8
    31. 

  31.  # define X509_PURPOSE_TIMESTAMP_SIGN    9
    32. 

  32.  # define X509_PURPOSE_CODE_SIGN        10
    33. 

  33. 

  34. The checks performed take into account the X.509 extensions
    35. 

  35. keyUsage, extendedKeyUsage, and basicConstraints.
    36. 

  36. 

  37. =head1 RETURN VALUES
    38. 

  38. 

  39. For non-CA checks
    40. 

  40. 

  41. =over 4
    42. 

  42. 

  43. =item -1 an error condition has occurred
    44. 

  44. 

  45. =item E<32>1 if the certificate was created to perform the purpose represented by I<id>
    46. 

  46. 

  47. =item E<32>0 if the certificate was not created to perform the purpose represented by I<id>
    48. 

  48. 

  49. =back
    50. 

  50. 

  51. For CA checks the below integers could be returned with the following meanings:
    52. 

  52. 

  53. =over 4
    54. 

  54. 

  55. =item -1 an error condition has occurred
    56. 

  56. 

  57. =item E<32>0 not a CA or does not have the purpose represented by I<id>
    58. 

  58. 

  59. =item E<32>1 is a CA.
    60. 

  60. 

  61. =item E<32>2 Only possible in old versions of openSSL when basicConstraints are absent.
    62. 

  62.          New versions will not return this value. May be a CA
    63. 

  63. 

  64. =item E<32>3 basicConstraints absent but self signed V1.
    65. 

  65. 

  66. =item E<32>4 basicConstraints absent but keyUsage present and keyCertSign asserted.
    67. 

  67. 

  68. =item E<32>5 legacy Netscape specific CA Flags present
    69. 

  69. 

  70. =back
    71. 

  71. 

  72. =head1 COPYRIGHT
    73. 

  73. 

  74. Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
    75. 

  75. Licensed under the Apache License 2.0 (the "License"). You may not use this
    76. 

  76. file except in compliance with the License. You can obtain a copy in the file
    77. 

  77. LICENSE in the source distribution or at L<https://www.openssl.org/source/license.html>.
    78. 

  78. 

  79. =cut
    80.