diff options
Diffstat (limited to 'doc/man3/X509_check_issued.pod')
-rw-r--r-- | doc/man3/X509_check_issued.pod | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/doc/man3/X509_check_issued.pod b/doc/man3/X509_check_issued.pod index f9a541ef71de..55f75ac84bb4 100644 --- a/doc/man3/X509_check_issued.pod +++ b/doc/man3/X509_check_issued.pod @@ -2,7 +2,7 @@ =head1 NAME -X509_check_issued - checks if certificate is issued by another +X509_check_issued - checks if certificate is apparently issued by another certificate =head1 SYNOPSIS @@ -14,13 +14,14 @@ certificate =head1 DESCRIPTION -This function checks if certificate I<subject> was issued using CA -certificate I<issuer>. This function takes into account not only -matching of issuer field of I<subject> with subject field of I<issuer>, -but also compares B<authorityKeyIdentifier> extension of I<subject> with -B<subjectKeyIdentifier> of I<issuer> if B<authorityKeyIdentifier> -present in the I<subject> certificate and checks B<keyUsage> field of -I<issuer>. +X509_check_issued() checks if certificate I<subject> was apparently issued +using (CA) certificate I<issuer>. This function takes into account not only +matching of the issuer field of I<subject> with the subject field of I<issuer>, +but also compares all sub-fields of the B<authorityKeyIdentifier> extension of +I<subject>, as far as present, with the respective B<subjectKeyIdentifier>, +serial number, and issuer fields of I<issuer>, as far as present. It also checks +if the B<keyUsage> field (if present) of I<issuer> allows certificate signing. +It does not check the certificate signature. =head1 RETURN VALUES @@ -35,7 +36,7 @@ L<verify(1)> =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |