Hi steve, Thanks. Got it. That means we can't differentiate between CA and end-entity in case of V1 certificate. We can only find out if the V1 cert is a self-signed certificate or not. Correct ?
Regards, Sanjaya On Wed, Sep 26, 2012 at 2:36 AM, Dr. Stephen Henson <st...@openssl.org>wrote: > On Tue, Sep 25, 2012, sanjaya joshi wrote: > > > > > We can conclude an X509 V1 certificate to be a root ca using > > (EXFLAG_V1|EXFLAG_SS). > > Similarly, is there a way to know whether an X509 V1 certificate is an > > intermediate CA or end-entity certificate ? > > > > You can't: there is nothing in a V1 certificate to mark it as a CA. You > can't > actually be sure it is a root CA using the test you mentioned above: it > could > be a self signed end entity certificate. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
