int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, unsigned int * critical);
should contain a gnutls_x509_crt_t structure
unsigned int * critical
will be non zero if the extension is marked as critical
This function will return certificates CA status, by reading the
basicConstraints X.509 extension (18.104.22.168). If the certificate is
a CA a positive value will be returned, or zero if the certificate
does not have CA flag set.
Use gnutls_x509_crt_get_basic_constraints() if you want to read the
pathLenConstraint field too.
A negative value may be returned in case of parsing error.
If the certificate does not contain the basicConstraints extension
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.