Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

openssl_x509_checkpurpose(3) [php man page]

OPENSSL_X509_CHECKPURPOSE(3)						 1					      OPENSSL_X509_CHECKPURPOSE(3)

openssl_x509_checkpurpose - Verifies if a certificate can be used for a particular purpose

SYNOPSIS

       int openssl_x509_checkpurpose (mixed  $x509cert, int  $purpose, [array  $cainfo = array()], [string  $untrustedfile])

DESCRIPTION

       openssl_x509_checkpurpose(3) examines a certificate to see if it can be used for the specified $purpose.

PARAMETERS

	      o $x509cert
		- The examined certificate.

	      o $purpose
		-

	      openssl_x509_checkpurpose(3) purposes

	      +---------------------------+---------------------------------------------------+
	      | 	Constant	  |						      |
	      | 			  |						      |
	      | 			  |		       Description		      |
	      | 			  |						      |
	      +---------------------------+---------------------------------------------------+
	      | X509_PURPOSE_SSL_CLIENT   |						      |
	      | 			  |						      |
	      | 			  | Can  the  certificate be used for the client side |
	      | 			  | of an SSL connection?			      |
	      | 			  |						      |
	      | X509_PURPOSE_SSL_SERVER   |						      |
	      | 			  |						      |
	      | 			  | Can the certificate be used for the  server  side |
	      | 			  | of an SSL connection?			      |
	      | 			  |						      |
	      |X509_PURPOSE_NS_SSL_SERVER |						      |
	      | 			  |						      |
	      | 			  |   Can the cert be used for Netscape SSL server?   |
	      | 			  |						      |
	      | X509_PURPOSE_SMIME_SIGN   |						      |
	      | 			  |						      |
	      | 			  |    Can the cert be used to sign S/MIME email?     |
	      | 			  |						      |
	      |X509_PURPOSE_SMIME_ENCRYPT |						      |
	      | 			  |						      |
	      | 			  |   Can the cert be used to encrypt S/MIME email?   |
	      | 			  |						      |
	      |  X509_PURPOSE_CRL_SIGN	  |						      |
	      | 			  |						      |
	      | 			  | Can  the cert be used to sign a certificate revo- |
	      | 			  | cation list (CRL)?				      |
	      | 			  |						      |
	      |     X509_PURPOSE_ANY	  |						      |
	      | 			  |						      |
	      | 			  |    Can the cert be used for Any/All purposes?     |
	      | 			  |						      |
	      +---------------------------+---------------------------------------------------+
	       These options are not bitfields - you may specify one only!

	      o $cainfo
		-$cainfo should be an array of trusted CA files/dirs as described in Certificate Verification.

	      o $untrustedfile
		- If specified, this should be the name of a PEM encoded file holding certificates that can be used to help  verify  the  certifi-
		cate, although no trust is placed in the certificates that come from that file.

RETURN VALUES

	Returns TRUE if the certificate can be used for the intended purpose, FALSE if it cannot, or -1 on error.

PHP Documentation Group 											      OPENSSL_X509_CHECKPURPOSE(3)

Check Out this Related Man Page

OPENSSL_PKCS7_VERIFY(3) 						 1						   OPENSSL_PKCS7_VERIFY(3)

openssl_pkcs7_verify - Verifies the signature of an S/MIME signed message

SYNOPSIS

       mixed openssl_pkcs7_verify (string  $filename, int  $flags, [string  $outfilename], [array  $cainfo], [string  $extracerts], [string  $con-
       tent])

DESCRIPTION

       openssl_pkcs7_verify(3) reads the S/MIME message contained in the given file and examines the digital signature.

PARAMETERS

	      o $filename
		- Path to the message.

	      o $flags
		-$flags can be used to affect how the signature is verified - see PKCS7 constants for more information.

	      o $outfilename
		- If the $outfilename is specified, it should be a string holding the name of a file into which the certificates  of  the  persons
		that signed the messages will be stored in PEM format.

	      o $cainfo
		-  If  the $cainfo is specified, it should hold information about the trusted CA certificates to use in the verification process -
		see certificate verification for more information about this parameter.

	      o $extracerts
		- If the $extracerts is specified, it is the filename of a file containing a bunch of certificates to use as untrusted CAs.

	      o $content
		- You can specify a filename with $content that will be filled	with  the  verified  data,  but  with  the  signature  information
		stripped.

RETURN VALUES

	Returns  TRUE  if the signature is verified, FALSE if it is not correct (the message has been tampered with, or the signing certificate is
       invalid), or -1 on error.

CHANGELOG

       +--------+------------------------------------+
       |Version |				     |
       |	|				     |
       |	|	     Description	     |
       |	|				     |
       +--------+------------------------------------+
       | 5.1.0	|				     |
       |	|				     |
       |	|  The $content parameter was added. |
       |	|				     |
       +--------+------------------------------------+
NOTES

       Note

	       As specified in RFC 2045, lines may not be longer than 76 characters in the $filename parameter.

PHP Documentation Group 												   OPENSSL_PKCS7_VERIFY(3)
Man Page