gnutls_x509_crt_get_basic_constraints(3) API function


#include <gnutls/x509.h>

int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert, unsigned int * critical, unsigned int * ca, int * pathlen);


gnutls_x509_crt_t cert
should contain a gnutls_x509_crt_t type
unsigned int * critical
will be non-zero if the extension is marked as critical
unsigned int * ca
pointer to output integer indicating CA status, may be NULL, value is 1 if the certificate CA flag is set, 0 otherwise.
int * pathlen
pointer to output integer indicating path length (may be NULL), non-negative error codes indicate a present pathLenConstraint field and the actual value, -1 indicate that the field is absent.


This function will read the certificate's basic constraints, and return the certificates CA status. It reads the basicConstraints X.509 extension (


If the certificate is a CA a positive value will be returned, or (0) if the certificate does not have CA flag set. A negative error code may be returned in case of errors. If the certificate does not contain the basicConstraints extension GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.


Report bugs to <[email protected]>.
Home page:


Copyright © 2001-2016 Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.