X509_CHECK_PURPOSE

Section: OpenSSL (3)
Updated: 2021-03-26
Page Index
 

NAME

X509_check_purpose - Check the purpose of a certificate  

SYNOPSIS

 #include <openssl/x509v3.h>

 int X509_check_purpose(X509 *x, int id, int ca)

 

DESCRIPTION

This function checks if certificate x was created with the purpose represented by id. If ca is nonzero, then certificate x is checked to determine if it's a possible CA with various levels of certainty possibly returned.

Below are the potential ID's that can be checked:

 # define X509_PURPOSE_SSL_CLIENT        1
 # define X509_PURPOSE_SSL_SERVER        2
 # define X509_PURPOSE_NS_SSL_SERVER     3
 # define X509_PURPOSE_SMIME_SIGN        4
 # define X509_PURPOSE_SMIME_ENCRYPT     5
 # define X509_PURPOSE_CRL_SIGN          6
 # define X509_PURPOSE_ANY               7
 # define X509_PURPOSE_OCSP_HELPER       8
 # define X509_PURPOSE_TIMESTAMP_SIGN    9

 

RETURN VALUES

For non-CA checks
-1 an error condition has occurred
1 if the certificate was created to perform the purpose represented by id
0 if the certificate was not created to perform the purpose represented by id

For CA checks the below integers could be returned with the following meanings:

-1 an error condition has occurred
0 not a CA or does not have the purpose represented by id
1 is a CA.
2 Only possible in old versions of openSSL when basicConstraints are absent. New versions will not return this value. May be a CA
3 basicConstraints absent but self signed V1.
4 basicConstraints absent but keyUsage present and keyCertSign asserted.
5 legacy Netscape specific CA Flags present
 

COPYRIGHT

Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the ``License''). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.


 

Index

NAME
SYNOPSIS
DESCRIPTION
RETURN VALUES
COPYRIGHT