<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Verifies if a certificate can be used for a particular purpose</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.openssl-x509-check-private-key.html">openssl_x509_check_private_key</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.openssl-x509-export-to-file.html">openssl_x509_export_to_file</a></div> <div class="up"><a href="ref.openssl.html">OpenSSL Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="function.openssl-x509-checkpurpose" class="refentry"> <div class="refnamediv"> <h1 class="refname">openssl_x509_checkpurpose</h1> <p class="verinfo">(PHP 4 >= 4.0.6, PHP 5)</p><p class="refpurpose"><span class="refname">openssl_x509_checkpurpose</span> — <span class="dc-title">Verifies if a certificate can be used for a particular purpose</span></p> </div> <div class="refsect1 description" id="refsect1-function.openssl-x509-checkpurpose-description"> <h3 class="title">Description</h3> <div class="methodsynopsis dc-description"> <span class="type">int</span> <span class="methodname"><strong>openssl_x509_checkpurpose</strong></span> ( <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <code class="parameter">$x509cert</code></span> , <span class="methodparam"><span class="type">int</span> <code class="parameter">$purpose</code></span> [, <span class="methodparam"><span class="type">array</span> <code class="parameter">$cainfo</code><span class="initializer"> = array()</span></span> [, <span class="methodparam"><span class="type">string</span> <code class="parameter">$untrustedfile</code></span> ]] )</div> <p class="para rdfs-comment"> <span class="function"><strong>openssl_x509_checkpurpose()</strong></span> examines a certificate to see if it can be used for the specified <em><code class="parameter">purpose</code></em>. </p> </div> <div class="refsect1 parameters" id="refsect1-function.openssl-x509-checkpurpose-parameters"> <h3 class="title">Parameters</h3> <p class="para"> <dl> <dt> <span class="term"><em><code class="parameter">x509cert</code></em></span> <dd> <p class="para"> The examined certificate. </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">purpose</code></em></span> <dd> <p class="para"> <table class="doctable table"> <caption><strong> <span class="function"><strong>openssl_x509_checkpurpose()</strong></span> purposes</strong></caption> <thead> <tr> <th>Constant</th> <th>Description</th> </tr> </thead> <tbody class="tbody"> <tr> <td>X509_PURPOSE_SSL_CLIENT</td> <td>Can the certificate be used for the client side of an SSL connection?</td> </tr> <tr> <td>X509_PURPOSE_SSL_SERVER</td> <td>Can the certificate be used for the server side of an SSL connection?</td> </tr> <tr> <td>X509_PURPOSE_NS_SSL_SERVER</td> <td>Can the cert be used for Netscape SSL server?</td> </tr> <tr> <td>X509_PURPOSE_SMIME_SIGN</td> <td>Can the cert be used to sign S/MIME email?</td> </tr> <tr> <td>X509_PURPOSE_SMIME_ENCRYPT</td> <td>Can the cert be used to encrypt S/MIME email?</td> </tr> <tr> <td>X509_PURPOSE_CRL_SIGN</td> <td>Can the cert be used to sign a certificate revocation list (CRL)?</td> </tr> <tr> <td>X509_PURPOSE_ANY</td> <td>Can the cert be used for Any/All purposes?</td> </tr> </tbody> </table> These options are not bitfields - you may specify one only! </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">cainfo</code></em></span> <dd> <p class="para"> <em><code class="parameter">cainfo</code></em> should be an array of trusted CA files/dirs as described in <a href="openssl.cert.verification.html" class="link">Certificate Verification</a>. </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">untrustedfile</code></em></span> <dd> <p class="para"> If specified, this should be the name of a PEM encoded file holding certificates that can be used to help verify the certificate, although no trust is placed in the certificates that come from that file. </p> </dd> </dt> </dl> </p> </div> <div class="refsect1 returnvalues" id="refsect1-function.openssl-x509-checkpurpose-returnvalues"> <h3 class="title">Return Values</h3> <p class="para"> Returns <strong><code>TRUE</code></strong> if the certificate can be used for the intended purpose, <strong><code>FALSE</code></strong> if it cannot, or -1 on error. </p> </div> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.openssl-x509-check-private-key.html">openssl_x509_check_private_key</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.openssl-x509-export-to-file.html">openssl_x509_export_to_file</a></div> <div class="up"><a href="ref.openssl.html">OpenSSL Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>