Hello,
My application uses openssl 1.0.0, and it uses X509_check_ca() to find
out if an X509 certificate is a CA certificate, or an End-entity (EE)
certificate.
The below are the possible return codes.
/* return codes of X509_check_ca():
* 0 not a CA
* 1 is a CA
* 2 basicConstraints absent so "maybe" a CA
* 3 basicConstraints absent but self signed V1.
* 4 basicConstraints absent but keyUsage present and keyCertSign
asserted.
*/
My question here is, if we get return code as 4, should we consider this as
a CA certificate or an EE certificate ?
Any quick support in this regard is much appreciated.
Regards,
Sanjaya
