When dealing with the purposes of a x509 crt file
the output of openssl_x509_parse gives an array with following for the purposes:
each new array ([purposes][1], [purposes][2] for example) is a new purpose check
I compared this output with the output of the command
# openssl x509 -purpose -in
the result i got was that
[purposes][x][2] quite obviously is the name of the purpose checked
[purposes][x][1] corresponds to the tested purpose (as named in [purposes][x][2]) acting as CA
[purposes][x][0] corresponds to the general availability of the purpose
[purposes] => Array
(
[1] => Array
(
[0] => 1
[1] => 1
[2] => sslclient
)
[2] => Array
(
[0] => 1
[1] => 1
[2] => sslserver
)
[3] => Array
(
[0] => 1
[1] => 1
[2] => nssslserver
)
[4] => Array
(
[0] => 1
[1] => 1
[2] => smimesign
)
[5] => Array
(
[0] => 1
[1] => 1
[2] => smimeencrypt
)
[6] => Array
(
[0] => 1
[1] => 1
[2] => crlsign
)
[7] => Array
(
[0] => 1
[1] => 1
[2] => any
)
[8] => Array
(
[0] => 1
[1] => 1
[2] => ocsphelper
)
)