NAME

       X509_check_issued - checks if certificate is apparently issued by another certificate

SYNOPSIS

        #include <openssl/x509v3.h>

        int X509_check_issued(X509 *issuer, X509 *subject);

DESCRIPTION

       X509_check_issued() checks if certificate subject was apparently issued using (CA) certificate issuer.
       This function takes into account not only matching of the issuer field of subject with the subject field
       of issuer, but also compares all sub-fields of the authorityKeyIdentifier extension of subject, as far as
       present, with the respective subjectKeyIdentifier, serial number, and issuer fields of issuer, as far as
       present. It also checks if the keyUsage field (if present) of issuer allows certificate signing.  It does
       not actually check the certificate signature. An error is returned if the issuer or the subject are
       incomplete certificates.

RETURN VALUES

       X509_check_issued() returns X509_V_OK if all checks are successful or some X509_V_ERR* constant to
       indicate an error.

SEE ALSO

       X509_verify_cert(3), X509_verify(3), X509_check_ca(3), openssl-verify(1), X509_self_signed(3)

COPYRIGHT

       Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use this file except in compliance
       with the License.  You can obtain a copy in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.

3.5.3                                              2025-09-16                            X509_CHECK_ISSUED(3SSL)