X509_check_ca.pod 1.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445
  1. =pod
  2. =head1 NAME
  3. X509_check_ca - check if given certificate is CA certificate
  4. =head1 SYNOPSIS
  5. #include <openssl/x509v3.h>
  6. int X509_check_ca(X509 *cert);
  7. =head1 DESCRIPTION
  8. This function checks if given certificate is CA certificate (can be used
  9. to sign other certificates).
  10. =head1 RETURN VALUES
  11. Function return 0, if it is not CA certificate, 1 if it is proper X509v3
  12. CA certificate with B<basicConstraints> extension CA:TRUE,
  13. 3, if it is self-signed X509 v1 certificate, 4, if it is certificate with
  14. B<keyUsage> extension with bit B<keyCertSign> set, but without
  15. B<basicConstraints>, and 5 if it has outdated Netscape Certificate Type
  16. extension telling that it is CA certificate.
  17. Actually, any non-zero value means that this certificate could have been
  18. used to sign other certificates.
  19. =head1 SEE ALSO
  20. L<X509_verify_cert(3)>,
  21. L<X509_check_issued(3)>,
  22. L<X509_check_purpose(3)>
  23. =head1 COPYRIGHT
  24. Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
  25. Licensed under the OpenSSL license (the "License"). You may not use
  26. this file except in compliance with the License. You can obtain a copy
  27. in the file LICENSE in the source distribution or at
  28. L<https://www.openssl.org/source/license.html>.
  29. =cut