Commit | Line | Data |
---|---|---|
eacd30a7 JM |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | X509_check_purpose - Check the purpose of a certificate | |
6 | ||
7 | =head1 SYNOPSIS | |
8 | ||
9 | #include <openssl/x509v3.h> | |
10 | ||
f64f17c3 | 11 | int X509_check_purpose(X509 *x, int id, int ca); |
eacd30a7 JM |
12 | |
13 | =head1 DESCRIPTION | |
14 | ||
15 | This function checks if certificate I<x> was created with the purpose | |
16 | represented by I<id>. If I<ca> is nonzero, then certificate I<x> is | |
17 | checked to determine whether it is a possible CA; the return value then | |
18 | indicates the level of certainty (see L</RETURN VALUES>). | |
19 | ||
20 | Below are the purpose IDs that can be checked: | |
21 | ||
22 | # define X509_PURPOSE_SSL_CLIENT 1 | |
23 | # define X509_PURPOSE_SSL_SERVER 2 | |
24 | # define X509_PURPOSE_NS_SSL_SERVER 3 | |
25 | # define X509_PURPOSE_SMIME_SIGN 4 | |
26 | # define X509_PURPOSE_SMIME_ENCRYPT 5 | |
27 | # define X509_PURPOSE_CRL_SIGN 6 | |
28 | # define X509_PURPOSE_ANY 7 | |
29 | # define X509_PURPOSE_OCSP_HELPER 8 | |
30 | # define X509_PURPOSE_TIMESTAMP_SIGN 9 | |
31 | ||
32 | =head1 RETURN VALUES | |
33 | ||
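34 | For non-CA checks the following integers can be returned. The error value -1 is nonzero, so callers should test for 1 explicitly rather than for any nonzero result: | |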
35 | ||
36 | =over 4 | |
37 | ||
8c1cbc72 | 38 | =item -1 an error condition has occurred |
eacd30a7 JM |
39 | |
40 | =item E<32>1 if the certificate was created to perform the purpose represented by I<id> | |
41 | ||
42 | =item E<32>0 if the certificate was not created to perform the purpose represented by I<id> | |
43 | ||
44 | =back | |
45 | ||
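46 | For CA checks the following integers can be returned. Values above 1 indicate that CA status was inferred with less certainty, so callers that need a definite CA should accept only 1 rather than any nonzero result: | |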
47 | ||
48 | =over 4 | |
49 | ||
8c1cbc72 | 50 | =item -1 an error condition has occurred |
eacd30a7 JM |
51 | |
52 | =item E<32>0 not a CA or does not have the purpose represented by I<id> | |
53 | ||
54 | =item E<32>1 is a CA. | |
55 | ||
56 | =item E<32>2 may be a CA. Only possible in old versions of OpenSSL when basicConstraints is absent. | |
57 | New versions will not return this value. | |
58 | ||
59 | =item E<32>3 basicConstraints absent but the certificate is a self-signed V1 certificate. | |
60 | ||
61 | =item E<32>4 basicConstraints absent but keyUsage present and keyCertSign asserted. | |
62 | ||
63 | =item E<32>5 legacy Netscape specific CA Flags present | |
64 | ||
65 | =back | |
66 | ||
67 | =head1 COPYRIGHT | |
68 | ||
33388b44 | 69 | Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. |
eacd30a7 JM |
70 | Licensed under the Apache License 2.0 (the "License"). You may not use this |
71 | file except in compliance with the License. You can obtain a copy in the file | |
72 | LICENSE in the source distribution or at L<https://www.openssl.org/source/license.html>. | |
73 | ||
74 | =cut |