CERT_BASIC_CONSTRAINTS_INFO
This structure contains information indicating whether the certified subject can act as a certification authority (CA), an end entity, or both. If the subject can act as a CA, a certification path length constraint can also be specified, as can a set of subtrees that must contain all subject names of subsequent certificates in a certification chain. This extension is used in validating certificates used to sign other certificates.
The CryptDecodeObject function creates an instance of this structure when performed on a CERT_EXTENSION structure's Value member with the structure's pszObjId member set to szOID_BASIC_CONSTRAINTS.
typedef struct _CERT_BASIC_CONSTRAINTS_INFO {CRYPT_BIT_BLOBSubjectType;BOOLfPathLenConstraint;DWORDdwPathLenConstraint;DWORDcSubtreesConstraint;CERT_NAME_BLOB*rgSubtreesConstraint;} CERT_BASIC_CONSTRAINTS_INFO, *PCERT_BASIC_CONSTRAINTS_INFO;
Members
- SubjectType
CRYPT_BIT_BLOB structure can contain a CERT_CA_SUBJECT_FLAG that when set indicates that the certificate's subject can act as a CA, a CERT_END_ENTITY_SUBJECT_FLAG that when set indicates that the certificate's subject can act as an end entity, or both combined using a bitwise OR operation. - fPathLenConstraint
Boolean value indicating whether the dwPathLenConstraint field sets the maximum length of the certification path. - dwPathLenConstraint
Maximum number of CA certificates that can follow this certificate in a certification validation path. A value of zero indicates that the subject of this certificate can issue certificates only to end entities and not to CAs. - cSubtreesConstraint
Number of elements in the rgSubtreesConstraint array. - rgSubtreesConstraint
Array of CERT_NAME_BLOB structures establishing subtree constraints.
Requirements
OS Versions: Windows CE 3.0 and later.
Header: Wincrypt.h.
See Also
BLOB (Cryptography) | CERT_EXTENSION | CERT_NAME_BLOB | CRYPT_BIT_BLOB
Last updated on Thursday, April 08, 2004
© 1992-2003 Microsoft Corporation. All rights reserved.