"Fossies" - the Fresh Open Source Software Archive

Member "openssl-1.1.1g/doc/man3/X509_check_purpose.pod" (21 Apr 2020, 2067 Bytes) of package /linux/misc/openssl-1.1.1g.tar.gz:

Caution: As a special service "Fossies" has tried to format the requested pod source page into HTML format but links to other pod pages may be missing or even erroneous. Alternatively you can here view or download the uninterpreted pod source code. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.


X509_check_purpose - Check the purpose of a certificate


 #include <openssl/x509v3.h>

 int X509_check_purpose(X509 *x, int id, int ca)


This function checks if certificate x was created with the purpose represented by id. If ca is nonzero, then certificate x is checked to determine if it's a possible CA with various levels of certainty possibly returned.

Below are the potential ID's that can be checked:

 # define X509_PURPOSE_SSL_CLIENT        1
 # define X509_PURPOSE_SSL_SERVER        2
 # define X509_PURPOSE_NS_SSL_SERVER     3
 # define X509_PURPOSE_SMIME_SIGN        4
 # define X509_PURPOSE_SMIME_ENCRYPT     5
 # define X509_PURPOSE_CRL_SIGN          6
 # define X509_PURPOSE_ANY               7
 # define X509_PURPOSE_OCSP_HELPER       8
 # define X509_PURPOSE_TIMESTAMP_SIGN    9


For non-CA checks

-1 an error condition has occured
1 if the certificate was created to perform the purpose represented by id
0 if the certificate was not created to perform the purpose represented by id

For CA checks the below integers could be returned with the following meanings:

-1 an error condition has occured
0 not a CA or does not have the purpose represented by id
1 is a CA.
2 Only possible in old versions of openSSL when basicConstraints are absent. New versions will not return this value. May be a CA
3 basicConstraints absent but self signed V1.
4 basicConstraints absent but keyUsage present and keyCertSign asserted.
5 legacy Netscape specific CA Flags present


Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.