Thanks for the reply Tom and Kyle H.
Now i have below 2 questions:
(1) Based on application's need, can we assume return codes 2, 3 and 4 as
non-CA ?
(2) If we get return code 4 basicConstraints absent but keyUsage present
and keyCertSign asserted for a certificate, is this a valid certificate ?
This is unfortunately something that you need to figure out for yourself.
The controlling standard is not RFC 3280, or in fact any of the RFCs.
It is X.509, available from http://www.itu.int/. (You can get the
latest ratified edition for no cost.)
However:
2 should probably not be considered
The controlling standard is not RFC 3280, or in fact any of the RFCs. It is
X.509, available from http://www.itu.int/. (You can get the latest ratified
edition for no cost.)
If its a server certificate issued by a CA intended to be consumed by
browsers (or other related services), then the CA
Hello,
My application uses openssl 1.0.0, and it uses X509_check_ca() to find
out if an X509 certificate is a CA certificate, or an End-entity (EE)
certificate.
The below are the possible return codes.
/* return codes of X509_check_ca():
* 0 not a CA
* 1 is a CA
On Jul 7, 2014, at 5:40 AM, Sanjaya Joshi joshi.sanj...@gmail.com wrote:
Hello,
My application uses openssl 1.0.0, and it uses X509_check_ca() to find out
if an X509 certificate is a CA certificate, or an End-entity (EE) certificate.
The below are the possible return codes.
On 7/7/2014 2:40 AM, Sanjaya Joshi wrote:
Hello,
My application uses openssl 1.0.0, and it uses X509_check_ca() to
find out if an X509 certificate is a CA certificate, or an End-entity
(EE) certificate.
The below are the possible return codes.
/* return codes of X509_check_ca():