5 X509_check_ca - check if given certificate is CA certificate
9 #include <openssl/x509v3.h>
11 int X509_check_ca(X509 *cert);
15 This function checks if given certificate is CA certificate (can be used
16 to sign other certificates).
20 Function return 0, if it is not CA certificate, 1 if it is proper X509v3
21 CA certificate with B<basicConstraints> extension CA:TRUE,
22 3, if it is selfsigned X509 v1 certificate, 4, if it is certificate with
23 B<keyUsage> extension with bit B<keyCertSign> set, but without
24 B<basicConstraints>, and 5 if it has outdated Netscape Certificate Type
25 extension telling that it is CA certificate.
27 Actually, any non-zero value means that this certificate could have been
28 used to sign other certificates.
32 L<X509_verify_cert(3)>,
33 L<X509_check_issued(3)>,
34 L<X509_check_purpose(3)>