openssl/doc/man3/X509_check_issued.pod

=pod

=head1 NAME

X509_check_issued - checks if certificate is likely issued by another
certificate

=head1 SYNOPSIS

 #include <openssl/x509v3.h>

 int X509_check_issued(X509 *issuer, X509 *subject);


=head1 DESCRIPTION

X509_check_issued() checks if certificate I<subject> was likely issued using CA
certificate I<issuer>. This function takes into account not only
matching of the issuer field of I<subject> with the subject field of I<issuer>,
but also compares all sub-fields of the B<authorityKeyIdentifier> extension of
I<subject>, as far as present, with the respective B<subjectKeyIdentifier>,
serial number, and issuer fields of I<issuer>, as far as present. It also checks
if the B<keyUsage> field (if present) of I<issuer> allows certificate signing.
It does not actually check the certificate signature.

=head1 RETURN VALUES

X509_check_issued() returns B<X509_V_OK> if all checks are successful
or some B<X509_V_ERR*> constant to indicate an error.

=head1 SEE ALSO

L<X509_verify_cert(3)>, L<X509_verify(3)>, L<X509_check_ca(3)>,
L<openssl-verify(1)>

=head1 COPYRIGHT

Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Various doc fixes. Make all mention of digest algorithm use "any supported algorithm" RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>: X509_LOOKUP_hash_dir.pod X509_check_ca.pod X509_check_issued.pod RT 1600: Remove references to non-existant objects(3) Add RETURN VALUES to BIO_do_accept page. RT1818: RSA_sign Can return values other than 0 on failure. RT3634: Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>) RT3678: Some clarifications to BIO_new_pair (Devchandra L Meetei <dlmeetei@gmail.com>) RT3787: Fix some EVP_ function return values (Laetitia Baudoin <lbaudoin@google.com>) Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-08-28 00:28:08 +08:00			`=pod`

			`=head1 NAME`

Improve documentation, layout, and code comments regarding self-issued certs etc. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10587) 2019-12-23 22:40:47 +08:00			`X509_check_issued - checks if certificate is likely issued by another`
Various doc fixes. Make all mention of digest algorithm use "any supported algorithm" RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>: X509_LOOKUP_hash_dir.pod X509_check_ca.pod X509_check_issued.pod RT 1600: Remove references to non-existant objects(3) Add RETURN VALUES to BIO_do_accept page. RT1818: RSA_sign Can return values other than 0 on failure. RT3634: Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>) RT3678: Some clarifications to BIO_new_pair (Devchandra L Meetei <dlmeetei@gmail.com>) RT3787: Fix some EVP_ function return values (Laetitia Baudoin <lbaudoin@google.com>) Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-08-28 00:28:08 +08:00			`certificate`

			`=head1 SYNOPSIS`

			`#include <openssl/x509v3.h>`

			`int X509_check_issued(X509 issuer, X509 subject);`


			`=head1 DESCRIPTION`

Improve documentation, layout, and code comments regarding self-issued certs etc. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10587) 2019-12-23 22:40:47 +08:00			`X509_check_issued() checks if certificate I<subject> was likely issued using CA`
Fix nits in pod files. Add doc-nit-check to help find future issues. Make podchecker be almost clean. Remove trailing whitespace. Tab expansion Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-20 20:11:46 +08:00			`certificate I<issuer>. This function takes into account not only`
Improve documentation, layout, and code comments regarding self-issued certs etc. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10587) 2019-12-23 22:40:47 +08:00			`matching of the issuer field of I<subject> with the subject field of I<issuer>,`
			`but also compares all sub-fields of the B<authorityKeyIdentifier> extension of`
			`I<subject>, as far as present, with the respective B<subjectKeyIdentifier>,`
			`serial number, and issuer fields of I<issuer>, as far as present. It also checks`
			`if the B<keyUsage> field (if present) of I<issuer> allows certificate signing.`
			`It does not actually check the certificate signature.`
Various doc fixes. Make all mention of digest algorithm use "any supported algorithm" RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>: X509_LOOKUP_hash_dir.pod X509_check_ca.pod X509_check_issued.pod RT 1600: Remove references to non-existant objects(3) Add RETURN VALUES to BIO_do_accept page. RT1818: RSA_sign Can return values other than 0 on failure. RT3634: Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>) RT3678: Some clarifications to BIO_new_pair (Devchandra L Meetei <dlmeetei@gmail.com>) RT3787: Fix some EVP_ function return values (Laetitia Baudoin <lbaudoin@google.com>) Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-08-28 00:28:08 +08:00
Add missing 'RETURN VALUES' sections in doc All missing sections are added. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4976) 2017-12-25 17:50:39 +08:00			`=head1 RETURN VALUES`
Various doc fixes. Make all mention of digest algorithm use "any supported algorithm" RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>: X509_LOOKUP_hash_dir.pod X509_check_ca.pod X509_check_issued.pod RT 1600: Remove references to non-existant objects(3) Add RETURN VALUES to BIO_do_accept page. RT1818: RSA_sign Can return values other than 0 on failure. RT3634: Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>) RT3678: Some clarifications to BIO_new_pair (Devchandra L Meetei <dlmeetei@gmail.com>) RT3787: Fix some EVP_ function return values (Laetitia Baudoin <lbaudoin@google.com>) Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-08-28 00:28:08 +08:00
Improve documentation, layout, and code comments regarding self-issued certs etc. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10587) 2019-12-23 22:40:47 +08:00			`X509_check_issued() returns B<X509_V_OK> if all checks are successful`
			`or some B<X509_V_ERR*> constant to indicate an error.`
Various doc fixes. Make all mention of digest algorithm use "any supported algorithm" RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>: X509_LOOKUP_hash_dir.pod X509_check_ca.pod X509_check_issued.pod RT 1600: Remove references to non-existant objects(3) Add RETURN VALUES to BIO_do_accept page. RT1818: RSA_sign Can return values other than 0 on failure. RT3634: Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>) RT3678: Some clarifications to BIO_new_pair (Devchandra L Meetei <dlmeetei@gmail.com>) RT3787: Fix some EVP_ function return values (Laetitia Baudoin <lbaudoin@google.com>) Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-08-28 00:28:08 +08:00
			`=head1 SEE ALSO`

Improve documentation, layout, and code comments regarding self-issued certs etc. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10587) 2019-12-23 22:40:47 +08:00			`L<X509_verify_cert(3)>, L<X509_verify(3)>, L<X509_check_ca(3)>,`
Fix L<xxx(1)> links to be L<openssl-xxx(1)> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10328) 2019-11-02 04:26:05 +08:00			`L<openssl-verify(1)>`
Various doc fixes. Make all mention of digest algorithm use "any supported algorithm" RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>: X509_LOOKUP_hash_dir.pod X509_check_ca.pod X509_check_issued.pod RT 1600: Remove references to non-existant objects(3) Add RETURN VALUES to BIO_do_accept page. RT1818: RSA_sign Can return values other than 0 on failure. RT3634: Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>) RT3678: Some clarifications to BIO_new_pair (Devchandra L Meetei <dlmeetei@gmail.com>) RT3787: Fix some EVP_ function return values (Laetitia Baudoin <lbaudoin@google.com>) Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-08-28 00:28:08 +08:00
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00			`=head1 COPYRIGHT`

Update all affected files' copyright year to 2018 Because the related PR/commits are merged in 2018... Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4976) 2018-01-16 01:01:46 +08:00			`Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.`
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00
Following the license change, modify the boilerplates in doc/man3/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7829) 2018-12-06 21:04:44 +08:00			`Licensed under the Apache License 2.0 (the "License"). You may not use`
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`