xref: /openssl/doc/man3/X509_check_issued.pod (revision 54b40531)
1=pod
2
3=head1 NAME
4
5X509_check_issued - checks if certificate is apparently issued by another
6certificate
7
8=head1 SYNOPSIS
9
10 #include <openssl/x509v3.h>
11
12 int X509_check_issued(X509 *issuer, X509 *subject);
13
14
15=head1 DESCRIPTION
16
17X509_check_issued() checks if certificate I<subject> was apparently issued
18using (CA) certificate I<issuer>. This function takes into account not only
19matching of the issuer field of I<subject> with the subject field of I<issuer>,
20but also compares all sub-fields of the B<authorityKeyIdentifier> extension of
21I<subject>, as far as present, with the respective B<subjectKeyIdentifier>,
22serial number, and issuer fields of I<issuer>, as far as present. It also checks
23if the B<keyUsage> field (if present) of I<issuer> allows certificate signing.
24It does not actually check the certificate signature. An error is returned
25if the I<issuer> or the I<subject> are incomplete certificates.
26
27=head1 RETURN VALUES
28
29X509_check_issued() returns B<X509_V_OK> if all checks are successful
30or some B<X509_V_ERR*> constant to indicate an error.
31
32=head1 SEE ALSO
33
34L<X509_verify_cert(3)>, L<X509_verify(3)>, L<X509_check_ca(3)>,
35L<openssl-verify(1)>, L<X509_self_signed(3)>
36
37=head1 COPYRIGHT
38
39Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
40
41Licensed under the Apache License 2.0 (the "License").  You may not use
42this file except in compliance with the License.  You can obtain a copy
43in the file LICENSE in the source distribution or at
44L<https://www.openssl.org/source/license.html>.
45
46=cut
47