Hello, My application uses openssl 1.0.0, and it uses X509_check_ca() to find out if an X509 certificate is a CA certificate, or an End-entity (EE) certificate.
The below are the possible return codes. /* return codes of X509_check_ca(): * 0 not a CA * 1 is a CA * 2 basicConstraints absent so "maybe" a CA * 3 basicConstraints absent but self signed V1. * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. */ My question here is, if we get return code as 4, should we consider this as a CA certificate or an EE certificate ? Any quick support in this regard is much appreciated. Regards, Sanjaya