Blame doc/man3/X509_check_purpose.pod

=pod

=head1 NAME

X509_check_purpose - Check the purpose of a certificate

=head1 SYNOPSIS

 #include <openssl/x509v3.h>

 int X509_check_purpose(X509 *x, int id, int ca);

=head1 DESCRIPTION

This function checks if certificate I<x> was created with the purpose
represented by I<id>. If I<ca> is nonzero, then certificate I<x> is
checked to determine whether it is a possible CA, and the return value
indicates the level of certainty.

The following IDs can be checked:

 # define X509_PURPOSE_SSL_CLIENT        1
 # define X509_PURPOSE_SSL_SERVER        2
 # define X509_PURPOSE_NS_SSL_SERVER     3
 # define X509_PURPOSE_SMIME_SIGN        4
 # define X509_PURPOSE_SMIME_ENCRYPT     5
 # define X509_PURPOSE_CRL_SIGN          6
 # define X509_PURPOSE_ANY               7
 # define X509_PURPOSE_OCSP_HELPER       8
 # define X509_PURPOSE_TIMESTAMP_SIGN    9

=head1 RETURN VALUES

For non-CA checks:

=over 4

=item -1 an error condition has occurred

=item E<32>1 if the certificate was created to perform the purpose represented by I<id>

=item E<32>0 if the certificate was not created to perform the purpose represented by I<id>

=back

For CA checks the following integers can be returned, with these meanings:

=over 4

=item -1 an error condition has occurred

=item E<32>0 not a CA or does not have the purpose represented by I<id>

=item E<32>1 is a CA.

=item E<32>2 Only possible in old versions of OpenSSL when basicConstraints are absent.
         New versions will not return this value. May be a CA.

=item E<32>3 basicConstraints absent but self signed V1.

=item E<32>4 basicConstraints absent but keyUsage present and keyCertSign asserted.

=item E<32>5 legacy Netscape-specific CA flags present

=back

=head1 COPYRIGHT

Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this
file except in compliance with the License. You can obtain a copy in the file
LICENSE in the source distribution or at L<https://www.openssl.org/source/license.html>.

=cut