2
0

X509_check_issued.pod 1.5 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546
  1. =pod
  2. =head1 NAME
  3. X509_check_issued - checks if certificate is apparently issued by another
  4. certificate
  5. =head1 SYNOPSIS
  6. #include <openssl/x509v3.h>
  7. int X509_check_issued(X509 *issuer, X509 *subject);
  8. =head1 DESCRIPTION
  9. X509_check_issued() checks if certificate I<subject> was apparently issued
  10. using (CA) certificate I<issuer>. This function takes into account not only
  11. matching of the issuer field of I<subject> with the subject field of I<issuer>,
  12. but also compares all sub-fields of the B<authorityKeyIdentifier> extension of
  13. I<subject>, as far as present, with the respective B<subjectKeyIdentifier>,
  14. serial number, and issuer fields of I<issuer>, as far as present. It also checks
  15. if the B<keyUsage> field (if present) of I<issuer> allows certificate signing.
  16. It does not actually check the certificate signature. An error is returned
  17. if the I<issuer> or the I<subject> are incomplete certificates.
  18. =head1 RETURN VALUES
  19. X509_check_issued() returns B<X509_V_OK> if all checks are successful
  20. or some B<X509_V_ERR*> constant to indicate an error.
  21. =head1 SEE ALSO
  22. L<X509_verify_cert(3)>, L<X509_verify(3)>, L<X509_check_ca(3)>,
  23. L<openssl-verify(1)>, L<X509_self_signed(3)>
  24. =head1 COPYRIGHT
  25. Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
  26. Licensed under the Apache License 2.0 (the "License"). You may not use
  27. this file except in compliance with the License. You can obtain a copy
  28. in the file LICENSE in the source distribution or at
  29. L<https://www.openssl.org/source/license.html>.
  30. =cut