Content - 87b6c26d557249869d43b885181783d129144dda - c3da76f/crypto/X509_check_ca.pod – ENEA Mirror of the Software Heritage archive

X509_check_ca.pod

=pod

=head1 NAME

X509_check_ca - check if given certificate is CA certificate

=head1 SYNOPSIS

   #include <openssl/x509v3.h>

   int X509_check_ca(X509 *cert);

=head1 DESCRIPTION

This function checks if given certificate is CA certificate (can be used
to sign other certificates).

=head1 RETURN VALUE

Function return 0, if it is not CA certificate, 1 if it is proper X509v3
CA certificate with B<basicConstraints> extension CA:TRUE,
3, if it is selfsigned X509 v1 certificate, 4, if it is certificate with
B<keyUsage> extension with bit B<keyCertSign> set, but without
B<basicConstraints>, and 5 if it has outdated Netscape Certificate Type
extension telling that it is CA certificate.

Actually, any non-zero value means that this certificate could have been
used to sign other certificates.

=head1 SEE ALSO

L<X509_verify_cert(3)>,
L<X509_check_issued(3)>,
L<X509_check_purpose(3)>

=cut