CertVerifySubjectCertificateContext function (wincrypt.h)
The CertVerifySubjectCertificateContext function performs the enabled verification checks on a certificate by checking the validity of the certificate's issuer. The new Certificate Chain Verification Functions are recommended instead of this function.
Syntax
```cpp
BOOL CertVerifySubjectCertificateContext(
  [in]           PCCERT_CONTEXT pSubject,
  [in, optional] PCCERT_CONTEXT pIssuer,
  [in, out]      DWORD          *pdwFlags
);
```
Parameters
[in] pSubject
A pointer to a CERT_CONTEXT structure containing the subject's certificate.
[in, optional] pIssuer
A pointer to a CERT_CONTEXT containing the issuer's certificate. When checking just CERT_STORE_TIME_VALIDITY_FLAG, pIssuer can be NULL.
[in, out] pdwFlags
A pointer to a DWORD value containing verification check flags. The following flags can be set to enable verification checks on the subject certificate: CERT_STORE_SIGNATURE_FLAG (verify the subject certificate's signature with the issuer's public key), CERT_STORE_TIME_VALIDITY_FLAG (check that the current time falls within the subject certificate's validity period), and CERT_STORE_REVOCATION_FLAG (check the subject certificate against the issuer's CRL in the store). They can be combined using a bitwise-OR operation to enable multiple verifications.
If an enabled verification check succeeds, its flag is set to zero. If it fails, then its flag is set upon return.
If CERT_STORE_REVOCATION_FLAG was enabled and the issuer does not have a CRL in the store, then CERT_STORE_NO_CRL_FLAG is set in addition to CERT_STORE_REVOCATION_FLAG.
Return value
If the function succeeds, the return value is TRUE.
If the function fails, the return value is FALSE.
For a verification check failure, TRUE is still returned. FALSE is returned only when a bad parameter is passed in.
For extended error information, call GetLastError. One possible error code is the following.
| Return code | Description |
|---|---|
| | An unsupported bit was set in pdwFlags. Any combination of CERT_STORE_SIGNATURE_FLAG, CERT_STORE_TIME_VALIDITY_FLAG, and CERT_STORE_REVOCATION_FLAG can be set. If pIssuer is NULL, only CERT_STORE_TIME_VALIDITY_FLAG can be set. |
Remarks
The flag values can be combined using bitwise-OR operations to enable multiple verifications. For example, to enable both signature and time validity, the value
CERT_STORE_SIGNATURE_FLAG | CERT_STORE_TIME_VALIDITY_FLAG
is placed in the pdwFlags DWORD value as an input parameter. If CERT_STORE_SIGNATURE_FLAG verification succeeds, but CERT_STORE_TIME_VALIDITY_FLAG verification fails, pdwFlags is set to CERT_STORE_TIME_VALIDITY_FLAG when the function returns.
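The in/out behaviour of pdwFlags described above, as an added example that is not code from this documentation page: the requested flags are saved before the call, and a requested bit that is still set afterwards marks a failed check, with CERT_STORE_NO_CRL_FLAG distinguishing "no CRL available" from a plain revocation failure. Off Windows the wincrypt.h constants are re-declared with their documented values so the decoding logic still compiles; the API call itself is Windows-only.

```c
/* Added example, not code from the documentation page: request all three
 * checks and decode the flags handed back in *pdwFlags. Off Windows the
 * wincrypt.h constants are re-declared so the decoder still compiles. */
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#pragma comment(lib, "crypt32.lib")
#else
typedef unsigned int DWORD;
#define CERT_STORE_SIGNATURE_FLAG     0x00000001
#define CERT_STORE_TIME_VALIDITY_FLAG 0x00000002
#define CERT_STORE_REVOCATION_FLAG    0x00000004
#define CERT_STORE_NO_CRL_FLAG        0x00010000
#endif
typedef struct {
    int signature_failed;  /* issuer's key did not verify the subject's signature */
    int time_failed;       /* subject is outside its validity period */
    int revocation_failed; /* revoked, or revocation could not be checked */
    int crl_missing;       /* issuer has no CRL in the store (NO_CRL also set) */
} verify_result;
/* requested = flags passed in; returned = *pdwFlags after the call.
 * A requested bit that is still set on return marks a failed check. */
verify_result decode_verify_flags(DWORD requested, DWORD returned) {
    verify_result r = {0, 0, 0, 0};
    r.signature_failed  = !!(requested & returned & CERT_STORE_SIGNATURE_FLAG);
    r.time_failed       = !!(requested & returned & CERT_STORE_TIME_VALIDITY_FLAG);
    r.revocation_failed = !!(requested & returned & CERT_STORE_REVOCATION_FLAG);
    r.crl_missing = (requested & CERT_STORE_REVOCATION_FLAG) && (returned & CERT_STORE_NO_CRL_FLAG);
    return r;
}
/* 1 only if every requested check cleared its bit and no CRL was missing. */
int all_checks_passed(DWORD requested, DWORD returned) {
    return (returned & (requested | CERT_STORE_NO_CRL_FLAG)) == 0;
}
#ifdef _WIN32
/* Runs signature, time and revocation checks. Returns 0 only for a bad
 * parameter (the one case where the API returns FALSE; call GetLastError for
 * the code); a failed check is reported through *out, not the return value. */
int verify_subject(PCCERT_CONTEXT pSubject, PCCERT_CONTEXT pIssuer, verify_result *out) {
    const DWORD requested = CERT_STORE_SIGNATURE_FLAG | CERT_STORE_TIME_VALIDITY_FLAG
                          | CERT_STORE_REVOCATION_FLAG;
    DWORD flags = requested; /* in: checks to run; out: bits still set = failed */
    if (!CertVerifySubjectCertificateContext(pSubject, pIssuer, &flags))
        return 0;
    *out = decode_verify_flags(requested, flags);
    return 1;
}
#endif
```

Note that a revocation request against an issuer with no CRL in the store leaves both CERT_STORE_REVOCATION_FLAG and CERT_STORE_NO_CRL_FLAG set, so the decoder reports it as a failed check rather than a pass.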
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps \| UWP apps] |
| Minimum supported server | Windows Server 2003 [desktop apps \| UWP apps] |
| Target Platform | Windows |
| Header | wincrypt.h |
| Library | Crypt32.lib |
| DLL | Crypt32.dll |