aboutsummaryrefslogtreecommitdiffstats
path: root/secure/lib/libcrypto/man/man3/X509_check_issued.3
diff options
context:
space:
mode:
Diffstat (limited to 'secure/lib/libcrypto/man/man3/X509_check_issued.3')
-rw-r--r--secure/lib/libcrypto/man/man3/X509_check_issued.323
1 files changed, 12 insertions, 11 deletions
diff --git a/secure/lib/libcrypto/man/man3/X509_check_issued.3 b/secure/lib/libcrypto/man/man3/X509_check_issued.3
index 5f3ae316b28f..6e3c521502c1 100644
--- a/secure/lib/libcrypto/man/man3/X509_check_issued.3
+++ b/secure/lib/libcrypto/man/man3/X509_check_issued.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,13 +133,13 @@
.\" ========================================================================
.\"
.IX Title "X509_CHECK_ISSUED 3"
-.TH X509_CHECK_ISSUED 3 "2020-04-21" "1.1.1g" "OpenSSL"
+.TH X509_CHECK_ISSUED 3 "2020-09-22" "1.1.1h" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-X509_check_issued \- checks if certificate is issued by another certificate
+X509_check_issued \- checks if certificate is apparently issued by another certificate
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -149,13 +149,14 @@ X509_check_issued \- checks if certificate is issued by another certificate
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-This function checks if certificate \fIsubject\fR was issued using \s-1CA\s0
-certificate \fIissuer\fR. This function takes into account not only
-matching of issuer field of \fIsubject\fR with subject field of \fIissuer\fR,
-but also compares \fBauthorityKeyIdentifier\fR extension of \fIsubject\fR with
-\&\fBsubjectKeyIdentifier\fR of \fIissuer\fR if \fBauthorityKeyIdentifier\fR
-present in the \fIsubject\fR certificate and checks \fBkeyUsage\fR field of
-\&\fIissuer\fR.
+\&\fBX509_check_issued()\fR checks if certificate \fIsubject\fR was apparently issued
+using (\s-1CA\s0) certificate \fIissuer\fR. This function takes into account not only
+matching of the issuer field of \fIsubject\fR with the subject field of \fIissuer\fR,
+but also compares all sub-fields of the \fBauthorityKeyIdentifier\fR extension of
+\&\fIsubject\fR, as far as present, with the respective \fBsubjectKeyIdentifier\fR,
+serial number, and issuer fields of \fIissuer\fR, as far as present. It also checks
+if the \fBkeyUsage\fR field (if present) of \fIissuer\fR allows certificate signing.
+It does not check the certificate signature.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by
@@ -167,7 +168,7 @@ Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by
\&\fBverify\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy