1X509_CHECK_ISSUED(3ossl)            OpenSSL           X509_CHECK_ISSUED(3ossl)
2
3
4

NAME

6       X509_check_issued - checks if certificate is apparently issued by
7       another certificate
8

SYNOPSIS

10        #include <openssl/x509v3.h>
11
12        int X509_check_issued(X509 *issuer, X509 *subject);
13

DESCRIPTION

15       X509_check_issued() checks if certificate subject was apparently issued
16       using (CA) certificate issuer. This function takes into account not
17       only matching of the issuer field of subject with the subject field of
18       issuer, but also compares all sub-fields of the authorityKeyIdentifier
19       extension of subject, as far as present, with the respective
20       subjectKeyIdentifier, serial number, and issuer fields of issuer, as
21       far as present. It also checks if the keyUsage field (if present) of
22       issuer allows certificate signing.  It does not actually check the
23       certificate signature. An error is returned if the issuer or the
24       subject are incomplete certificates.
25

RETURN VALUES

27       X509_check_issued() returns X509_V_OK if all checks are successful or
28       some X509_V_ERR* constant to indicate an error.
29

SEE ALSO

31       X509_verify_cert(3), X509_verify(3), X509_check_ca(3),
32       openssl-verify(1), X509_self_signed(3)
33

COPYRIGHT

35       Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
36
37       Licensed under the Apache License 2.0 (the "License").  You may not use
38       this file except in compliance with the License.  You can obtain a copy
39       in the file LICENSE in the source distribution or at
40       <https://www.openssl.org/source/license.html>.
41
42
43
443.0.5                             2022-11-01          X509_CHECK_ISSUED(3ossl)