xref: /freebsd/crypto/openssl/doc/man3/X509_check_ca.pod (revision 7fdf597e96a02165cfe22ff357b857d5fa15ed8a)
1=pod
2
3=head1 NAME
4
5X509_check_ca - check if given certificate is CA certificate
6
7=head1 SYNOPSIS
8
9 #include <openssl/x509v3.h>
10
11 int X509_check_ca(X509 *cert);
12
13=head1 DESCRIPTION
14
15This function checks if given certificate is CA certificate (can be used
16to sign other certificates). The certificate must be a complete certificate
17otherwise an error is returned.
18
19=head1 RETURN VALUES
20
21Function return 0, if it is not CA certificate, 1 if it is proper X509v3
22CA certificate with B<basicConstraints> extension CA:TRUE,
233, if it is self-signed X509 v1 certificate, 4, if it is certificate with
24B<keyUsage> extension with bit B<keyCertSign> set, but without
25B<basicConstraints>, and 5 if it has outdated Netscape Certificate Type
26extension telling that it is CA certificate.
27
28This function will also return 0 on error.
29
30Actually, any nonzero value means that this certificate could have been
31used to sign other certificates.
32
33=head1 SEE ALSO
34
35L<X509_verify_cert(3)>,
36L<X509_check_issued(3)>,
37L<X509_check_purpose(3)>
38
39=head1 COPYRIGHT
40
41Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
42
43Licensed under the Apache License 2.0 (the "License").  You may not use
44this file except in compliance with the License.  You can obtain a copy
45in the file LICENSE in the source distribution or at
46L<https://www.openssl.org/source/license.html>.
47
48=cut
49