1=pod 2 3=head1 NAME 4 5X509_check_purpose - Check the purpose of a certificate 6 7=head1 SYNOPSIS 8 9 #include <openssl/x509v3.h> 10 11 int X509_check_purpose(X509 *x, int id, int ca) 12 13=head1 DESCRIPTION 14 15This function checks if certificate I<x> was created with the purpose 16represented by I<id>. If I<ca> is nonzero, then certificate I<x> is 17checked to determine if it's a possible CA with various levels of certainty 18possibly returned. 19 20Below are the potential ID's that can be checked: 21 22 # define X509_PURPOSE_SSL_CLIENT 1 23 # define X509_PURPOSE_SSL_SERVER 2 24 # define X509_PURPOSE_NS_SSL_SERVER 3 25 # define X509_PURPOSE_SMIME_SIGN 4 26 # define X509_PURPOSE_SMIME_ENCRYPT 5 27 # define X509_PURPOSE_CRL_SIGN 6 28 # define X509_PURPOSE_ANY 7 29 # define X509_PURPOSE_OCSP_HELPER 8 30 # define X509_PURPOSE_TIMESTAMP_SIGN 9 31 32=head1 RETURN VALUES 33 34For non-CA checks 35 36=over 4 37 38=item -1 an error condition has occurred 39 40=item E<32>1 if the certificate was created to perform the purpose represented by I<id> 41 42=item E<32>0 if the certificate was not created to perform the purpose represented by I<id> 43 44=back 45 46For CA checks the below integers could be returned with the following meanings: 47 48=over 4 49 50=item -1 an error condition has occurred 51 52=item E<32>0 not a CA or does not have the purpose represented by I<id> 53 54=item E<32>1 is a CA. 55 56=item E<32>2 Only possible in old versions of openSSL when basicConstraints are absent. 57 New versions will not return this value. May be a CA 58 59=item E<32>3 basicConstraints absent but self signed V1. 60 61=item E<32>4 basicConstraints absent but keyUsage present and keyCertSign asserted. 62 63=item E<32>5 legacy Netscape specific CA Flags present 64 65=back 66 67=head1 COPYRIGHT 68 69Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. 70Licensed under the Apache License 2.0 (the "License"). You may not use this 71file except in compliance with the License. You can obtain a copy in the file 72LICENSE in the source distribution or at L<https://www.openssl.org/source/license.html>. 73 74=cut 75