1=pod 2 3=head1 NAME 4 5X509_check_ca - check if given certificate is CA certificate 6 7=head1 SYNOPSIS 8 9 #include <openssl/x509v3.h> 10 11 int X509_check_ca(X509 *cert); 12 13=head1 DESCRIPTION 14 15This function checks if given certificate is CA certificate (can be used 16to sign other certificates). 17 18=head1 RETURN VALUES 19 20Function return 0, if it is not CA certificate, 1 if it is proper X509v3 21CA certificate with B<basicConstraints> extension CA:TRUE, 223, if it is self-signed X509 v1 certificate, 4, if it is certificate with 23B<keyUsage> extension with bit B<keyCertSign> set, but without 24B<basicConstraints>, and 5 if it has outdated Netscape Certificate Type 25extension telling that it is CA certificate. 26 27Actually, any non-zero value means that this certificate could have been 28used to sign other certificates. 29 30=head1 SEE ALSO 31 32L<X509_verify_cert(3)>, 33L<X509_check_issued(3)>, 34L<X509_check_purpose(3)> 35 36=head1 COPYRIGHT 37 38Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. 39 40Licensed under the OpenSSL license (the "License"). You may not use 41this file except in compliance with the License. You can obtain a copy 42in the file LICENSE in the source distribution or at 43L<https://www.openssl.org/source/license.html>. 44 45=cut 46