check whether a certificate is a CA certificate
This function checks whether the given certificate is a CA certificate, that is,
whether it can be used to sign other certificates.
This functions returns non-zero if cert is a CA
certificate or 0 otherwise.
The following return values identify specific kinds of CA
- an X.509 v3 CA certificate with basicConstraints
- a self-signed X.509 v1 certificate
- a certificate with keyUsage extension with bit
keyCertSign set, but without
- a certificate with an outdated Netscape Certificate Type extension telling
that it is a CA certificate
X509_check_ca() first appeared in OpenSSL 0.9.7f and has
been available since OpenBSD 3.8.