1=pod 2 3=head1 NAME 4 5X509_check_issued - checks if certificate is apparently issued by another 6certificate 7 8=head1 SYNOPSIS 9 10 #include <openssl/x509v3.h> 11 12 int X509_check_issued(X509 *issuer, X509 *subject); 13 14 15=head1 DESCRIPTION 16 17X509_check_issued() checks if certificate I<subject> was apparently issued 18using (CA) certificate I<issuer>. This function takes into account not only 19matching of the issuer field of I<subject> with the subject field of I<issuer>, 20but also compares all sub-fields of the B<authorityKeyIdentifier> extension of 21I<subject>, as far as present, with the respective B<subjectKeyIdentifier>, 22serial number, and issuer fields of I<issuer>, as far as present. It also checks 23if the B<keyUsage> field (if present) of I<issuer> allows certificate signing. 24It does not actually check the certificate signature. An error is returned 25if the I<issuer> or the I<subject> are incomplete certificates. 26 27=head1 RETURN VALUES 28 29X509_check_issued() returns B<X509_V_OK> if all checks are successful 30or some B<X509_V_ERR*> constant to indicate an error. 31 32=head1 SEE ALSO 33 34L<X509_verify_cert(3)>, L<X509_verify(3)>, L<X509_check_ca(3)>, 35L<openssl-verify(1)>, L<X509_self_signed(3)> 36 37=head1 COPYRIGHT 38 39Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 40 41Licensed under the Apache License 2.0 (the "License"). You may not use 42this file except in compliance with the License. You can obtain a copy 43in the file LICENSE in the source distribution or at 44L<https://www.openssl.org/source/license.html>. 45 46=cut 47