1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
|
.\" $OpenBSD: X509_check_purpose.3,v 1.9 2022/12/17 12:48:53 tb Exp $
.\"
.\" Copyright (c) 2019, 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: December 17 2022 $
.Dt X509_CHECK_PURPOSE 3
.Os
.Sh NAME
.Nm X509_check_purpose
.Nd check intended usage of a public key
.Sh SYNOPSIS
.In openssl/x509v3.h
.Ft int
.Fo X509_check_purpose
.Fa "X509 *certificate"
.Fa "int purpose"
.Fa "int ca"
.Fc
.Sh DESCRIPTION
If the
.Fa purpose
argument is \-1,
.Fn X509_check_purpose
ignores the
.Fa ca
argument and checks that all the extensions of the
.Fa certificate
can be parsed and pass minimal sanity checks, ensuring that
extensions that must not occur more than once do not.
It also makes sure that all extensions are cached in the
.Vt X509
object.
.Pp
If the
.Fa purpose
argument is not \-1 and the
.Fa ca
flag is 0,
.Fn X509_check_purpose
also checks whether the public key contained in the
.Fa certificate
is intended to be used for the given
.Fa purpose ,
which can be one of the following integer constants.
The check succeeds if none of the conditions given in the list below
are violated.
It always fails if parsing fails for any extension contained in the
.Fa certificate .
.Bl -tag -width 1n
.It Dv X509_PURPOSE_SSL_CLIENT
.Bl -dash -width 1n -compact
.It
If the
.Fa certificate
contains an Extended Key Usage extension, it contains the RFC 5280
.Dq TLS WWW client authentication
purpose
.Pq Dv NID_client_auth .
.It
If the
.Fa certificate
contains a Key Usage extension, the
.Dv digitalSignature
bit is set.
.It
If the
.Fa certificate
contains a Netscape Cert Type extension, the
.Dq SSL client certificate
bit is set
.Pq Dv NS_SSL_CLIENT .
.El
.It Dv X509_PURPOSE_SSL_SERVER
.Bl -dash -width 1n -compact
.It
If the
.Fa certificate
contains an Extended Key Usage extension, it contains the RFC 5280
.Dq TLS WWW server authentication
purpose
.Pq Dv NID_server_auth
or the private
.Dq Netscape Server Gated Crypto
.Pq Dv NID_ns_sgc
or
.Dq Microsoft Server Gated Crypto
.Pq Dv NID_ms_sgc
purpose.
.It
If the
.Fa certificate
contains a Key Usage extension, at least one of the
.Dv digitalSignature
and
.Dv keyEncipherment
bits is set.
.It
If the
.Fa certificate
contains a Netscape Cert Type extension, the
.Dq SSL server certificate
bit is set
.Pq Dv NS_SSL_SERVER
.El
.It Dv X509_PURPOSE_NS_SSL_SERVER
.\" check_purpose_ns_ssl_server, "Netscape SSL server"
This does the same checks as
.Dv X509_PURPOSE_SSL_SERVER
and additionally requires that a Key Usage extension, if present,
has the
.Dv keyEncipherment
bit set.
.It Dv X509_PURPOSE_SMIME_SIGN
.\" check_purpose_smime_sign, "S/MIME signing"
.Bl -dash -width 1n -compact
.It
If the
.Fa certificate
contains an Extended Key Usage extension, it contains the RFC 5280
.Dq Email protection
purpose
.Pq Dv NID_email_protect .
.It
If the
.Fa certificate
contains a Key Usage extension, at least one of the
.Dv digitalSignature
and
.Dv nonRepudiation
bits is set.
.It
If the
.Fa certificate
contains a Netscape Cert Type extension, it has the
.Dq S/MIME certificate
bit set.
If the
.Dq SSL client certificate
bit is set but the
.Dq S/MIME certificate
bit is not, no decision is made.
.El
.It Dv X509_PURPOSE_SMIME_ENCRYPT
.\" check_purpose_smime_encrypt, "S/MIME encryption"
.Bl -dash -width 1n -compact
.It
If the
.Fa certificate
contains an Extended Key Usage extension, it contains the RFC 5280
.Dq Email protection
purpose
.Pq Dv NID_email_protect .
.It
If the
.Fa certificate
contains a Key Usage extension, the
.Dv keyEncipherment
bit is set.
.It
If the
.Fa certificate
contains a Netscape Cert Type extension, it has the
.Dq S/MIME certificate
bit set.
If the
.Dq SSL client certificate
bit is set but the
.Dq S/MIME certificate
bit is not, no decision is made.
.El
.It Dv X509_PURPOSE_CRL_SIGN
.\" check_purpose_crl_sign, "CRL signing"
.Bl -dash -width 1n -compact
.It
If the
.Fa certificate
contains a Key Usage extension, the
.Dv cRLSign
bit is set.
.El
.It Dv X509_PURPOSE_ANY
Nothing is required except that, if any extensions are present,
parsing them needs to succeed.
.It Dv X509_PURPOSE_OCSP_HELPER
.\" ocsp_helper, "OCSP helper"
Nothing is required except that, if any extensions are present,
parsing them needs to succeed.
The application program is expected
to do the actual checking by other means.
.It Dv X509_PURPOSE_TIMESTAMP_SIGN
.\" check_purpose_timestamp_sign, "Time Stamp signing"
.Bl -dash -width 1n -compact
.It
The
.Fa certificate
contains an Extended Key Usage extension containing the RFC 5280
.Dq Time Stamping
purpose and no other purpose.
This extension is marked as critical.
.It
If the
.Fa certificate
contains a Key Usage extension, at least one of the
.Dv digitalSignature
and
.Dv nonRepudiation
bits is set, and no other bits are set.
.El
.El
.Pp
If the
.Fa purpose
argument is not \-1 and the
.Fa ca
flag is non-zero,
.Fn X509_check_purpose
instead checks, in addition to the minimal sanity checks, whether the
.Fa certificate
can be used as a certificate authority certificate
in the context of the given
.Fa purpose .
To succeed, the check always requires that none of the following
conditions are violated:
.Pp
.Bl -dash -width 1n -compact
.It
If the
.Fa certificate
contains any extensions, parsing them succeeds.
.It
If the
.Fa certificate
contains a Key Usage extension, the
.Dv keyCertSign
bit is set.
.It
If the
.Fa certificate
contains a Basic Constraints extension, the
.Fa cA
field is set.
.It
If the
.Fa certificate
is a version 1 certificate, the subject name matches the issuer name
and the certificate is self signed.
.El
.Pp
The check succeeds if none of the additional conditions given in
the list below are violated.
.Bl -tag -width 1n
.It Dv X509_PURPOSE_SSL_CLIENT
.Bl -dash -width 1n -compact
.It
If the
.Fa certificate
contains an Extended Key Usage extension, it contains the RFC 5280
.Dq TLS WWW client authentication
purpose
.Pq Dv NID_client_auth .
.It
If the
.Fa certificate
is not a version 1 certificate and does not contain a Basic Constraints
extension, it contains a Key Usage extension with the
.Dv keyCertSign
bit set or a Netscape Cert Type extension with the
.Dq SSL CA certificate
bit set.
.El
.It Dv X509_PURPOSE_SSL_SERVER No or Dv X509_PURPOSE_NS_SSL_SERVER
.Bl -dash -width 1n -compact
.It
If the
.Fa certificate
contains an Extended Key Usage extension, it contains the RFC 5280
.Dq TLS WWW server authentication
purpose
.Pq Dv NID_server_auth
or the private
.Dq Netscape Server Gated Crypto
.Pq Dv NID_ns_sgc
or
.Dq Microsoft Server Gated Crypto
.Pq Dv NID_ms_sgc
purpose.
.It
If the
.Fa certificate
is not a version 1 certificate and does not contain a Basic Constraints
extension, it contains a Key Usage extension with the
.Dv keyCertSign
bit set or a Netscape Cert Type extension with the
.Dq SSL CA certificate
bit set.
.El
.It Dv X509_PURPOSE_SMIME_SIGN No or Dv X509_PURPOSE_SMIME_ENCRYPT
.Bl -dash -width 1n -compact
.It
If the
.Fa certificate
contains an Extended Key Usage extension, it contains the RFC 5280
.Dq Email protection
purpose
.Pq Dv NID_email_protect .
.It
If the
.Fa certificate
is not a version 1 certificate and does not contain a Basic Constraints
extension, it contains a Key Usage extension with the
.Dv keyCertSign
bit set or a Netscape Cert Type extension with the
.Dq S/MIME CA certificate
bit set.
.El
.It Xo
.Dv X509_PURPOSE_CRL_SIGN ,
.Dv X509_PURPOSE_OCSP_HELPER ,
or
.Dv X509_PURPOSE_TIMESTAMP_SIGN
.Xc
.Bl -dash -width 1n -compact
.It
If the
.Fa certificate
is not a version 1 certificate and does not contain a Basic Constraints
extension, it contains a Key Usage extension with the
.Dv keyCertSign
bit set or a Netscape Cert Type extension with at least one of the
.Dq SSL CA certificate ,
.Dq S/MIME CA certificate ,
or
.Dq Object-signing CA certificate
bits set.
.El
.It Dv X509_PURPOSE_ANY
Nothing is required except that, if any extensions are present,
parsing them needs to succeed.
The check even succeeds if the three other common conditions
cited above this list are violated.
.El
.Pp
If the function
.Xr X509_PURPOSE_add 3
was called before
.Fn X509_check_purpose ,
it may have installed different, user-supplied checking functions
for some of the standard purposes listed above, or it may have
installed additional, user-supplied checking functions for user-defined
.Fa purpose
identifiers not listed above.
.Sh RETURN VALUES
If the parsing of certificate extensions fails, sanity checks fail or the
.Fa purpose
is invalid,
.Fn X509_check_purpose
returns \-1 to indicate the error.
.Pp
If the
.Fa purpose
argument is \-1 and parsing and minimal sanity checks succeed,
.Fn X509_check_purpose
returns 1 to indicate success.
.Pp
Otherwise, it returns the following values:
.Pp
If
.Fa ca
is 0:
.Bl -column -1 Failure -compact
.It 0 Ta Failure Ta The
.Fa certificate
cannot be used for the
.Fa purpose .
.It 1 Ta Success Ta The
.Fa certificate
can be used for the
.Fa purpose .
.It 2 Ta Unknown Ta \&No decision can be made.
.El
.Pp
If
.Fa ca
is non-zero:
.Bl -column -1 Failure -compact
.It 0 Ta Failure Ta The
.Fa certificate
cannot be used as a CA for the
.Fa purpose .
.It 1 Ta Success Ta The
.Fa certificate
can be used as a CA for the
.Fa purpose .
.It 3 Ta Success Ta The Fa certificate No is a version 1 CA .
.It 4 Ta Success Ta The Key Usage allows Dv keyCertSign .
.It 5 Ta Success Ta A Netscape Cert Type allows usage as a CA.
.El
.Sh SEE ALSO
.Xr BASIC_CONSTRAINTS_new 3 ,
.Xr EXTENDED_KEY_USAGE_new 3 ,
.Xr X509_check_trust 3 ,
.Xr X509_new 3 ,
.Xr X509_policy_check 3 ,
.Xr X509_PURPOSE_set 3 ,
.Xr X509V3_get_d2i 3 ,
.Xr x509v3.cnf 5
.Sh STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile
.Bl -dash -offset indent -compact
.It
section 4.2.1.3: Key Usage
.It
section 4.2.1.9: Basic Constraints
.It
section 4.2.1.12: Extended Key Usage
.El
.Sh HISTORY
.Fn X509_check_purpose
first appeared in OpenSSL 0.9.5 and has been available since
.Ox 2.7 .
|
