1X509_CHECK_PURPOSE(3)               OpenSSL              X509_CHECK_PURPOSE(3)
2
3
4

NAME

6       X509_check_purpose - Check the purpose of a certificate
7

SYNOPSIS

9        #include <openssl/x509v3.h>
10
11        int X509_check_purpose(X509 *x, int id, int ca)
12

DESCRIPTION

14       This function checks if certificate x was created with the purpose
15       represented by id. If ca is nonzero, then certificate x is checked to
16       determine if it's a possible CA with various levels of certainty
17       possibly returned.
18
19       Below are the potential ID's that can be checked:
20
21        # define X509_PURPOSE_SSL_CLIENT        1
22        # define X509_PURPOSE_SSL_SERVER        2
23        # define X509_PURPOSE_NS_SSL_SERVER     3
24        # define X509_PURPOSE_SMIME_SIGN        4
25        # define X509_PURPOSE_SMIME_ENCRYPT     5
26        # define X509_PURPOSE_CRL_SIGN          6
27        # define X509_PURPOSE_ANY               7
28        # define X509_PURPOSE_OCSP_HELPER       8
29        # define X509_PURPOSE_TIMESTAMP_SIGN    9
30

RETURN VALUES

32       For non-CA checks
33
34       -1 an error condition has occurred
35        1 if the certificate was created to perform the purpose represented by
36       id
37        0 if the certificate was not created to perform the purpose
38       represented by id
39
40       For CA checks the below integers could be returned with the following
41       meanings:
42
43       -1 an error condition has occurred
44        0 not a CA or does not have the purpose represented by id
45        1 is a CA.
46        2 Only possible in old versions of openSSL when basicConstraints are
47       absent. New versions will not return this value. May be a CA
48        3 basicConstraints absent but self signed V1.
49        4 basicConstraints absent but keyUsage present and keyCertSign
50       asserted.
51        5 legacy Netscape specific CA Flags present
52
54       Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
55       Licensed under the Apache License 2.0 (the "License"). You may not use
56       this file except in compliance with the License. You can obtain a copy
57       in the file LICENSE in the source distribution or at
58       <https://www.openssl.org/source/license.html>.
59
60
61
621.1.1q                            2022-07-07             X509_CHECK_PURPOSE(3)
Impressum