1 files changed, 93 insertions, 0 deletions

diff --git a/lib/libcrypto/man/X509_check_ca.3 b/lib/libcrypto/man/X509_check_ca.3
new file mode 100644
index 00000000000..67aac693e67
--- /dev/null
+++ b/lib/libcrypto/man/X509_check_ca.3
@@ -0,0 +1,93 @@
+.\"	$OpenBSD: X509_check_ca.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $
+.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>.
+.\" Copyright (c) 2015, 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 5 2016 $
+.Dt X509_CHECK_CA 3
+.Os
+.Sh NAME
+.Nm X509_check_ca
+.Nd check whether a certificate is a CA certificate
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft int
+.Fo X509_check_ca
+.Fa "X509 *cert"
+.Fc
+.Sh DESCRIPTION
+This function checks whether the given certificate is a CA certificate,
+that is, whether it can be used to sign other certificates.
+.Sh RETURN VALUE
+This functions returns non-zero if
+.Fa cert
+is a CA certificate or 0 otherwise.
+.Pp
+The following return values identify specific kinds of CA certificates:
+.Bl -tag -width 2n
+.It 1
+an X.509 v3 CA certificate with
+.Sy basicConstraints
+extension CA:TRUE
+.It 3
+a self-signed X.509 v1 certificate
+.It 4
+a certificate with
+.Sy keyUsage
+extension with bit
+.Sy keyCertSign
+set, but without
+.Sy basicConstraints
+.It 5
+a certificate with an outdated Netscape Certificate Type extension telling
+that it is a CA certificate
+.El
+.Sh SEE ALSO
+.Xr X509_check_issued 3 ,
+.Xr X509_check_purpose 3 ,
+.Xr X509_verify_cert 3