DragonFly On-Line Manual Pages

Search: Section:  


X509_CHECK_CA(3)      DragonFly Library Functions Manual      X509_CHECK_CA(3)

NAME

X509_check_ca - check whether a certificate is a CA certificate

SYNOPSIS

#include <openssl/x509v3.h> int X509_check_ca(X509 *cert);

DESCRIPTION

This function checks whether the given certificate is a CA certificate, that is, whether it can be used to sign other certificates.

RETURN VALUES

This functions returns non-zero if cert is a CA certificate or 0 otherwise. The following return values identify specific kinds of CA certificates: 1 an X.509 v3 CA certificate with basicConstraints extension CA:TRUE 3 a self-signed X.509 v1 certificate 4 a certificate with keyUsage extension with bit keyCertSign set, but without basicConstraints 5 a certificate with an outdated Netscape Certificate Type extension telling that it is a CA certificate

SEE ALSO

BASIC_CONSTRAINTS_new(3), EXTENDED_KEY_USAGE_new(3), X509_check_issued(3), X509_EXTENSION_new(3), X509_new(3), X509_verify_cert(3)

HISTORY

X509_check_ca() first appeared in OpenSSL 0.9.7f and has been available since OpenBSD 3.8. DragonFly 5.9-DEVELOPMENT June 6, 2019 DragonFly 5.9-DEVELOPMENT

Search: Section: