=pod

=head1 NAME

X509_check_purpose - Check the purpose of a certificate

=head1 SYNOPSIS

 #include <openssl/x509v3.h>

 int X509_check_purpose(X509 *x, int id, int ca)

=head1 DESCRIPTION

This function checks if certificate I<x> was created with the purpose
represented by I<id>. If I<ca> is nonzero, then certificate I<x> is
checked to determine whether it is a possible CA, and the return value
indicates the level of certainty.

Below are the potential IDs that can be checked:

 # define X509_PURPOSE_SSL_CLIENT 1
 # define X509_PURPOSE_SSL_SERVER 2
 # define X509_PURPOSE_NS_SSL_SERVER 3
 # define X509_PURPOSE_SMIME_SIGN 4
 # define X509_PURPOSE_SMIME_ENCRYPT 5
 # define X509_PURPOSE_CRL_SIGN 6
 # define X509_PURPOSE_ANY 7
 # define X509_PURPOSE_OCSP_HELPER 8
 # define X509_PURPOSE_TIMESTAMP_SIGN 9

=head1 RETURN VALUES

For non-CA checks:

=over 4

=item -1 an error condition has occurred

=item E<32>1 if the certificate was created to perform the purpose represented by I<id>

=item E<32>0 if the certificate was not created to perform the purpose represented by I<id>

=back

Because the error return -1 is nonzero, callers should compare the result
explicitly (for example, against 1) rather than testing it as a boolean.

For CA checks, the following integers can be returned, with these meanings:

=over 4

=item -1 an error condition has occurred

=item E<32>0 not a CA or does not have the purpose represented by I<id>

=item E<32>1 is a CA.

=item E<32>2 May be a CA. Only possible in old versions of OpenSSL when basicConstraints are absent.
 New versions will not return this value.

=item E<32>3 basicConstraints absent but self-signed V1.

=item E<32>4 basicConstraints absent but keyUsage present and keyCertSign asserted.

=item E<32>5 legacy Netscape-specific CA flags present

=back

=head1 COPYRIGHT

Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use this
file except in compliance with the License.  You can obtain a copy in the file
LICENSE in the source distribution or at L<https://www.openssl.org/source/license.html>.

=cut