X509_check_issued.3ssl - Man Page

checks if certificate is apparently issued by another certificate

Synopsis

 #include <openssl/x509v3.h>

 int X509_check_issued(X509 *issuer, X509 *subject);

Description

X509_check_issued() checks if certificate subject was apparently issued using (CA) certificate issuer. This function takes into account not only matching of the issuer field of subject with the subject field of issuer, but also compares all sub-fields of the authorityKeyIdentifier extension of subject, as far as present, with the respective subjectKeyIdentifier, serial number, and issuer fields of issuer, as far as present. It also checks if the keyUsage field (if present) of issuer allows certificate signing. It does not check the certificate signature.

Return Values

Function return X509_V_OK if certificate subject is issued by issuer or some X509_V_ERR* constant to indicate an error.

See Also

X509_verify_cert(3), X509_check_ca(3), verify(1)

Referenced By

EVP_PKEY_ASN1_METHOD.3ssl(3), X509_check_ca.3ssl(3).

2021-03-26 1.1.1k OpenSSL