gnutls_x509_crt_get_basic_constraints man page

gnutls_x509_crt_get_basic_constraints — API function


#include <gnutls/x509.h>

int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert, unsigned int * critical, unsigned int * ca, int * pathlen);


gnutls_x509_crt_t cert
should contain a gnutls_x509_crt_t type
unsigned int * critical
will be non-zero if the extension is marked as critical
unsigned int * ca
pointer to output integer indicating CA status, may be NULL, value is 1 if the certificate CA flag is set, 0 otherwise.
int * pathlen
pointer to output integer indicating path length (may be NULL), non-negative error codes indicate a present pathLenConstraint field and the actual value, -1 indicate that the field is absent.


This function will read the certificate's basic constraints, and return the certificates CA status. It reads the basicConstraints X.509 extension (


If the certificate is a CA a positive value will be returned, or (0) if the certificate does not have CA flag set. A negative error code may be returned in case of errors. If the certificate does not contain the basicConstraints extension GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: http://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit



gnutls 3.5.4