openssl_x509_checkpurpose

(PHP 4 >= 4.0.6, PHP 5)

openssl_x509_checkpurpose -- Verifies if a certificate can be used for a particular purpose

Description

bool openssl_x509_checkpurpose ( mixed x509cert, int purpose [, array cainfo [, string untrustedfile]])

Returns TRUE if the certificate can be used for the intended purpose, FALSE if it cannot, or -1 on error.

openssl_x509_checkpurpose() examines the certificate specified by x509cert to see if it can be used for the purpose specified by purpose.

cainfo should be an array of trusted CA files/dirs as described in Certificate Verification. It defaults to an empty array.

untrustedfile, if specified, is the name of a PEM encoded file holding certificates that can be used to help verify the certificate, although no trust in placed in the certificates that come from that file.

Table 1. openssl_x509_checkpurpose() purposes

ConstantDescription
X509_PURPOSE_SSL_CLIENTCan the certificate be used for the client side of an SSL connection?
X509_PURPOSE_SSL_SERVERCan the certificate be used for the server side of an SSL connection?
X509_PURPOSE_NS_SSL_SERVERCan the cert be used for Netscape SSL server?
X509_PURPOSE_SMIME_SIGNCan the cert be used to sign S/MIME email?
X509_PURPOSE_SMIME_ENCRYPTCan the cert be used to encrypt S/MIME email?
X509_PURPOSE_CRL_SIGNCan the cert be used to sign a certificate revocation list (CRL)?
X509_PURPOSE_ANYCan the cert be used for Any/All purposes?
These options are not bitfields - you may specify one only!