openssl_x509_checkpurpose Verifies if a certificate can be used for a particular purpose boolopenssl_x509_checkpurpose mixedx509cert intpurpose arraycainfo stringuntrustedfile Returns &true; if the certificate can be used for the intended purpose, &false; if it cannot, or -1 on error. openssl_x509_checkpurpose examines the certificate specified by x509cert to see if it can be used for the purpose specified by purpose. cainfo should be an array of trusted CA files/dirs as described in Certificate Verification. It defaults to an empty array. untrustedfile, if specified, is the name of a PEM encoded file holding certificates that can be used to help verify the certificate, although no trust in placed in the certificates that come from that file. Constant Description X509_PURPOSE_SSL_CLIENT Can the certificate be used for the client side of an SSL connection? X509_PURPOSE_SSL_SERVER Can the certificate be used for the server side of an SSL connection? X509_PURPOSE_NS_SSL_SERVER Can the cert be used for Netscape SSL server? X509_PURPOSE_SMIME_SIGN Can the cert be used to sign S/MIME email? X509_PURPOSE_SMIME_ENCRYPT Can the cert be used to encrypt S/MIME email? X509_PURPOSE_CRL_SIGN Can the cert be used to sign a certificate revocation list (CRL)? X509_PURPOSE_ANY Can the cert be used for Any/All purposes? These options are not bitfields - you may specify one only!