<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Verifies if a certificate can be used for a particular purpose</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="function.openssl-x509-check-private-key.html">openssl_x509_check_private_key</a></div>
<div class="next" style="text-align: right; float: right;"><a href="function.openssl-x509-export-to-file.html">openssl_x509_export_to_file</a></div>
<div class="up"><a href="ref.openssl.html">OpenSSL Functions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="function.openssl-x509-checkpurpose" class="refentry">
<div class="refnamediv">
<h1 class="refname">openssl_x509_checkpurpose</h1>
<p class="verinfo">(PHP 4 >= 4.0.6, PHP 5)</p><p class="refpurpose"><span class="refname">openssl_x509_checkpurpose</span> — <span class="dc-title">Verifies if a certificate can be used for a particular purpose</span></p>
</div>
<div class="refsect1 description" id="refsect1-function.openssl-x509-checkpurpose-description">
<h3 class="title">Description</h3>
<div class="methodsynopsis dc-description">
<span class="type">int</span> <span class="methodname"><strong>openssl_x509_checkpurpose</strong></span>
( <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <code class="parameter">$x509cert</code></span>
, <span class="methodparam"><span class="type">int</span> <code class="parameter">$purpose</code></span>
[, <span class="methodparam"><span class="type">array</span> <code class="parameter">$cainfo</code><span class="initializer"> = array()</span></span>
[, <span class="methodparam"><span class="type">string</span> <code class="parameter">$untrustedfile</code></span>
]] )</div>
<p class="para rdfs-comment">
<span class="function"><strong>openssl_x509_checkpurpose()</strong></span> examines a certificate to
see if it can be used for the specified <em><code class="parameter">purpose</code></em>.
</p>
</div>
<div class="refsect1 parameters" id="refsect1-function.openssl-x509-checkpurpose-parameters">
<h3 class="title">Parameters</h3>
<p class="para">
<dl>
<dt>
<span class="term"><em><code class="parameter">x509cert</code></em></span>
<dd>
<p class="para">
The examined certificate.
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">purpose</code></em></span>
<dd>
<p class="para">
<table class="doctable table">
<caption><strong> <span class="function"><strong>openssl_x509_checkpurpose()</strong></span> purposes</strong></caption>
<thead>
<tr>
<th>Constant</th>
<th>Description</th>
</tr>
</thead>
<tbody class="tbody">
<tr>
<td>X509_PURPOSE_SSL_CLIENT</td>
<td>Can the certificate be used for the client side of an SSL
connection?</td>
</tr>
<tr>
<td>X509_PURPOSE_SSL_SERVER</td>
<td>Can the certificate be used for the server side of an SSL
connection?</td>
</tr>
<tr>
<td>X509_PURPOSE_NS_SSL_SERVER</td>
<td>Can the cert be used for Netscape SSL server?</td>
</tr>
<tr>
<td>X509_PURPOSE_SMIME_SIGN</td>
<td>Can the cert be used to sign S/MIME email?</td>
</tr>
<tr>
<td>X509_PURPOSE_SMIME_ENCRYPT</td>
<td>Can the cert be used to encrypt S/MIME email?</td>
</tr>
<tr>
<td>X509_PURPOSE_CRL_SIGN</td>
<td>Can the cert be used to sign a certificate revocation list
(CRL)?</td>
</tr>
<tr>
<td>X509_PURPOSE_ANY</td>
<td>Can the cert be used for Any/All purposes?</td>
</tr>
</tbody>
</table>
These options are not bitfields - you may specify one only!
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">cainfo</code></em></span>
<dd>
<p class="para">
<em><code class="parameter">cainfo</code></em> should be an array of trusted CA files/dirs
as described in <a href="openssl.cert.verification.html" class="link">Certificate
Verification</a>.
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">untrustedfile</code></em></span>
<dd>
<p class="para">
If specified, this should be the name of a PEM encoded file holding
certificates that can be used to help verify the certificate, although
no trust is placed in the certificates that come from that file.
</p>
</dd>
</dt>
</dl>
</p>
</div>
<div class="refsect1 returnvalues" id="refsect1-function.openssl-x509-checkpurpose-returnvalues">
<h3 class="title">Return Values</h3>
<p class="para">
Returns <strong><code>TRUE</code></strong> if the certificate can be used for the intended purpose,
<strong><code>FALSE</code></strong> if it cannot, or -1 on error.
</p>
</div>
</div><hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="function.openssl-x509-check-private-key.html">openssl_x509_check_private_key</a></div>
<div class="next" style="text-align: right; float: right;"><a href="function.openssl-x509-export-to-file.html">openssl_x509_export_to_file</a></div>
<div class="up"><a href="ref.openssl.html">OpenSSL Functions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
