diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2019-12-23 15:40:47 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-07-01 11:14:54 +0200 |
commit | ade08735f9d0ac85d611c5abee8a1df651bbca13 (patch) | |
tree | 2e39bef19aa164c163813ac4f7091622efd55f8f /doc/man3/X509_check_issued.pod | |
parent | 5188d0d55c72138dd1b65521fb73ac31902f0a52 (diff) | |
download | openssl-ade08735f9d0ac85d611c5abee8a1df651bbca13.tar.gz |
Improve documentation, layout, and code comments regarding self-issued certs etc.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
Diffstat (limited to 'doc/man3/X509_check_issued.pod')
-rw-r--r-- | doc/man3/X509_check_issued.pod | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/doc/man3/X509_check_issued.pod b/doc/man3/X509_check_issued.pod index d41dfcd53e..0e8ab7deb3 100644 --- a/doc/man3/X509_check_issued.pod +++ b/doc/man3/X509_check_issued.pod @@ -2,7 +2,7 @@ =head1 NAME -X509_check_issued - checks if certificate is issued by another +X509_check_issued - checks if certificate is likely issued by another certificate =head1 SYNOPSIS @@ -14,23 +14,23 @@ certificate =head1 DESCRIPTION -This function checks if certificate I<subject> was issued using CA +X509_check_issued() checks if certificate I<subject> was likely issued using CA certificate I<issuer>. This function takes into account not only -matching of issuer field of I<subject> with subject field of I<issuer>, -but also compares B<authorityKeyIdentifier> extension of I<subject> with -B<subjectKeyIdentifier> of I<issuer> if B<authorityKeyIdentifier> -present in the I<subject> certificate and checks B<keyUsage> field of -I<issuer>. +matching of the issuer field of I<subject> with the subject field of I<issuer>, +but also compares all sub-fields of the B<authorityKeyIdentifier> extension of +I<subject>, as far as present, with the respective B<subjectKeyIdentifier>, +serial number, and issuer fields of I<issuer>, as far as present. It also checks +if the B<keyUsage> field (if present) of I<issuer> allows certificate signing. +It does not actually check the certificate signature. =head1 RETURN VALUES -Function return B<X509_V_OK> if certificate I<subject> is issued by -I<issuer> or some B<X509_V_ERR*> constant to indicate an error. +X509_check_issued() returns B<X509_V_OK> if all checks are successful +or some B<X509_V_ERR*> constant to indicate an error. =head1 SEE ALSO -L<X509_verify_cert(3)>, -L<X509_check_ca(3)>, +L<X509_verify_cert(3)>, L<X509_verify(3)>, L<X509_check_ca(3)>, L<openssl-verify(1)> =head1 COPYRIGHT |