xref: /freebsd/crypto/openssl/doc/man3/X509_check_ca.pod (revision cddbc3b40812213ff00041f79174cac0be360a2a)
1=pod
2
3=head1 NAME
4
5X509_check_ca - check if given certificate is CA certificate
6
7=head1 SYNOPSIS
8
9 #include <openssl/x509v3.h>
10
11 int X509_check_ca(X509 *cert);
12
13=head1 DESCRIPTION
14
15This function checks if given certificate is CA certificate (can be used
16to sign other certificates).
17
18=head1 RETURN VALUES
19
20Function return 0, if it is not CA certificate, 1 if it is proper X509v3
21CA certificate with B<basicConstraints> extension CA:TRUE,
223, if it is self-signed X509 v1 certificate, 4, if it is certificate with
23B<keyUsage> extension with bit B<keyCertSign> set, but without
24B<basicConstraints>, and 5 if it has outdated Netscape Certificate Type
25extension telling that it is CA certificate.
26
27Actually, any non-zero value means that this certificate could have been
28used to sign other certificates.
29
30=head1 SEE ALSO
31
32L<X509_verify_cert(3)>,
33L<X509_check_issued(3)>,
34L<X509_check_purpose(3)>
35
36=head1 COPYRIGHT
37
38Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
39
40Licensed under the OpenSSL license (the "License").  You may not use
41this file except in compliance with the License.  You can obtain a copy
42in the file LICENSE in the source distribution or at
43L<https://www.openssl.org/source/license.html>.
44
45=cut
46