On Tue, Sep 25, 2012, sanjaya joshi wrote: > > We can conclude an X509 V1 certificate to be a root ca using > (EXFLAG_V1|EXFLAG_SS). > Similarly, is there a way to know whether an X509 V1 certificate is an > intermediate CA or end-entity certificate ? >
You can't: there is nothing in a V1 certificate to mark it as a CA. You can't actually be sure it is a root CA using the test you mentioned above: it could be a self signed end entity certificate. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org