-.\" $OpenBSD: X509_check_ca.3,v 1.6 2022/02/18 01:41:17 jsg Exp $
+.\" $OpenBSD: X509_check_ca.3,v 1.7 2022/05/10 19:44:29 tb Exp $
.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>.
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: February 18 2022 $
+.Dd $Mdocdate: May 10 2022 $
.Dt X509_CHECK_CA 3
.Os
.Sh NAME
.Xr BASIC_CONSTRAINTS_new 3 ,
.Xr EXTENDED_KEY_USAGE_new 3 ,
.Xr X509_check_issued 3 ,
+.Xr X509_check_purpose 3 ,
.Xr X509_EXTENSION_new 3 ,
.Xr X509_new 3 ,
.Xr X509_verify_cert 3
.Fn X509_check_ca
first appeared in OpenSSL 0.9.7f and has been available since
.Ox 3.8 .
+.Sh BUGS
+If
+.Fn X509_check_ca
+fails to cache X509v3 extension values, the return value may
+be incorrect.
+An application should
+call
+.Xr X509_check_purpose 3
+with a
+.Fa purpose
+argument of \-1,
+ensuring that the X509v3 extensions are cached,
+before calling
+.Fn X509_check_ca .
projects / openbsd / commitdiff