2.2.4.36 PidTagUserX509Certificate

Data type: PtypMultipleBinary ([MS-OXCDATA] section 2.11.1)

The PidTagUserX509Certificate property ([MS-OXPROPS] section 2.1055) contains a list of certificates for a mail user. Each binary value MUST be either an ASN.1 DER encoded SignedData Type binary large object (BLOB) that contains the user's certificates and is signed with the user's certificate, as specified in [RFC3852], or a binary property as specified in the following paragraph.

To determine which of the preceding types each binary value is, the application MUST examine the first byte of each binary value. If the first byte has the value 0x30, it is an ASN.1 DER encoded SignedData Type BLOB. Otherwise, the binary value MUST be interpreted according to the format specified in this section. The client and the server SHOULD use the PidTagUserX509Certificate property instead of the PidTagAddressBookX509Certificate property (section 2.2.4.35) when looking for certificates.

Non-ASN.1 Binary Value Format

If the binary value is not an ASN.1 DER encoded SignedData Type BLOB, it MUST be a BLOB containing a set of security settings as specified in sections 2.2.4.36.1 through 2.2.4.36.12, one after another, in a continuous block of data. All settings in these sections MUST appear no more than once in the binary value unless stated otherwise. Each security setting has the format shown in the following packet diagram.


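 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-------------------------------+-------------------------------+
|              TAG              |            LENGTH             |
+-------------------------------+-------------------------------+
|                        DATA (variable)                        |
+---------------------------------------------------------------+
|                              ...                              |
+---------------------------------------------------------------+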

TAG (2 bytes):  An unsigned value that identifies this particular security setting. If the TAG value found in a security setting is not among the ones listed in sections 2.2.4.36.1 through 2.2.4.36.12, the client and the server MUST ignore these settings.

LENGTH (2 bytes):  The total length of the security setting, including the TAG field, the LENGTH field, and the DATA field.

DATA (variable):  Contains the data associated with this security setting. Its length, in bytes, can be computed from the value of the LENGTH field. The following sections specify the security settings that appear in a non-ASN.1 certificate.
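
A defensive parser for the non-ASN.1 format described above, added here as an illustration and not taken from the specification. The little-endian byte order, the caller-supplied known_tags and repeatable sets, the MalformedSetting exception, the choice to reject duplicates, and the sample tag numbers are assumptions, because this section gives neither the byte order nor the per-tag definitions.

```python
import struct

HEADER_LEN = 4  # TAG (2 bytes) + LENGTH (2 bytes)

class MalformedSetting(ValueError):
    """Hypothetical error type for values that violate the layout."""

def classify(value: bytes) -> str:
    """First-byte dispatch from the section: 0x30 means DER SignedData."""
    if not value:
        raise MalformedSetting("empty binary value")
    return "signed-data" if value[0] == 0x30 else "settings"

def parse_settings(value, known_tags, repeatable=frozenset(), byteorder="<"):
    """Walk the TAG/LENGTH/DATA records; return [(tag, data)] for known tags.

    byteorder defaults to little-endian as an assumption. known_tags and
    repeatable are supplied by the caller from sections 2.2.4.36.1-12.
    """
    out, seen, pos = [], set(), 0
    while pos < len(value):
        if len(value) - pos < HEADER_LEN:
            raise MalformedSetting(f"truncated header at offset {pos}")
        tag, length = struct.unpack_from(byteorder + "HH", value, pos)
        # LENGTH counts the 4 header bytes; a smaller value would stall or
        # rewind the cursor, so it is rejected rather than skipped.
        if length < HEADER_LEN:
            raise MalformedSetting(f"LENGTH {length} too small at offset {pos}")
        if pos + length > len(value):
            raise MalformedSetting(f"setting at offset {pos} overruns the value")
        data = value[pos + HEADER_LEN : pos + length]
        pos += length
        if tag not in known_tags:
            continue  # unknown TAG: ignored, as the section requires
        if tag in seen and tag not in repeatable:
            # Rejecting (instead of keeping the first) is this example's choice.
            raise MalformedSetting(f"tag {tag:#06x} appears more than once")
        seen.add(tag)
        out.append((tag, data))
    return out

# Constructed sample: the tag numbers are placeholders, not spec values.
SAMPLE = (struct.pack("<HH", 0x0001, 8) + b"\x01\x00\x00\x00"
          + struct.pack("<HH", 0x7FFF, 6) + b"zz"   # unknown tag, skipped
          + struct.pack("<HH", 0x0002, 4))          # known tag, empty DATA
```
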