openssl_x509_checkpurpose Verifies if a certificate can be used for a particular purpose &reftitle.description; boolintopenssl_x509_checkpurpose OpenSSLCertificatestringcertificate intpurpose arrayca_info[] stringnulluntrusted_certificates_file&null; openssl_x509_checkpurpose examines a certificate to see if it can be used for the specified purpose. &reftitle.parameters; certificate The examined certificate. purpose Constant Description X509_PURPOSE_SSL_CLIENT Can the certificate be used for the client side of an SSL connection? X509_PURPOSE_SSL_SERVER Can the certificate be used for the server side of an SSL connection? X509_PURPOSE_NS_SSL_SERVER Can the cert be used for Netscape SSL server? X509_PURPOSE_SMIME_SIGN Can the cert be used to sign S/MIME email? X509_PURPOSE_SMIME_ENCRYPT Can the cert be used to encrypt S/MIME email? X509_PURPOSE_CRL_SIGN Can the cert be used to sign a certificate revocation list (CRL)? X509_PURPOSE_ANY Can the cert be used for Any/All purposes? These options are not bitfields - you may specify one only! ca_info ca_info should be an array of trusted CA files/dirs as described in Certificate Verification. untrusted_certificates_file If specified, this should be the name of a PEM encoded file holding certificates that can be used to help verify the certificate, although no trust is placed in the certificates that come from that file. &reftitle.returnvalues; Returns &true; if the certificate can be used for the intended purpose, &false; if it cannot, or -1 on error. &reftitle.changelog; &Version; &Description; 8.0.0 certificate accepts an OpenSSLCertificate instance now; previously, a &resource; of type OpenSSL X.509 was accepted. 8.0.0 untrusted_certificates_file is nullable now.