openssl_x509_checkpurpose() examines a certificate to see if it can be used for the specified purpose.
The examined certificate.
|X509_PURPOSE_SSL_CLIENT||Can the certificate be used for the client side of an SSL connection?|
|X509_PURPOSE_SSL_SERVER||Can the certificate be used for the server side of an SSL connection?|
|X509_PURPOSE_NS_SSL_SERVER||Can the cert be used for Netscape SSL server?|
|X509_PURPOSE_SMIME_SIGN||Can the cert be used to sign S/MIME email?|
|X509_PURPOSE_SMIME_ENCRYPT||Can the cert be used to encrypt S/MIME email?|
|X509_PURPOSE_CRL_SIGN||Can the cert be used to sign a certificate revocation list (CRL)?|
|X509_PURPOSE_ANY||Can the cert be used for Any/All purposes?|
These options are not bitfields - you may specify one only!
cainfo should be an array of trusted CA files/dirs as described in Certificate Verification. It defaults to an empty array.
If specified, this should be the name of a PEM encoded file holding certificates that can be used to help verify the certificate, although no trust in placed in the certificates that come from that file.