5 X509_check_issued - checks if certificate is apparently issued by another
10 #include <openssl/x509v3.h>
12 int X509_check_issued(X509 *issuer, X509 *subject);
17 X509_check_issued() checks if certificate I<subject> was apparently issued
18 using (CA) certificate I<issuer>. This function takes into account not only
19 matching of the issuer field of I<subject> with the subject field of I<issuer>,
20 but also compares all sub-fields of the B<authorityKeyIdentifier> extension of
21 I<subject>, as far as present, with the respective B<subjectKeyIdentifier>,
22 serial number, and issuer fields of I<issuer>, as far as present. It also checks
23 if the B<keyUsage> field (if present) of I<issuer> allows certificate signing.
24 It does not actually check the certificate signature. An error is returned
25 if the I<issuer> or the I<subject> are incomplete certificates.
29 X509_check_issued() returns B<X509_V_OK> if all checks are successful
30 or some B<X509_V_ERR*> constant to indicate an error.
34 L<X509_verify_cert(3)>, L<X509_verify(3)>, L<X509_check_ca(3)>,
35 L<openssl-verify(1)>, L<X509_self_signed(3)>
39 Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
41 Licensed under the Apache License 2.0 (the "License"). You may not use
42 this file except in compliance with the License. You can obtain a copy
43 in the file LICENSE in the source distribution or at
44 L<https://www.openssl.org/source/license.html>.