CERT_BASIC_CONSTRAINTS_INFO (Compact 2013)

3/28/2014

This structure contains information indicating whether the certified subject can act as a certification authority (CA), an end entity, or both. If the subject can act as a CA, a certification path length constraint can also be specified, as can a set of subtrees that must contain all subject names of subsequent certificates in a certification chain. This extension is used in validating certificates used to sign other certificates.

The CryptDecodeObject function creates an instance of this structure when it decodes the Value member of a CERT_EXTENSION structure whose pszObjId member is set to szOID_BASIC_CONSTRAINTS.

Syntax

typedef struct _CERT_BASIC_CONSTRAINTS_INFO {
  CRYPT_BIT_BLOB SubjectType;
  BOOL fPathLenConstraint;
  DWORD dwPathLenConstraint;
  DWORD cSubtreesConstraint;
  CERT_NAME_BLOB* rgSubtreesConstraint;
} CERT_BASIC_CONSTRAINTS_INFO, *PCERT_BASIC_CONSTRAINTS_INFO;

Members

  • SubjectType
    CRYPT_BIT_BLOB structure that can contain CERT_CA_SUBJECT_FLAG, which when set indicates that the certificate's subject can act as a CA; CERT_END_ENTITY_SUBJECT_FLAG, which when set indicates that the certificate's subject can act as an end entity; or both, combined using a bitwise OR operation.
  • fPathLenConstraint
    Boolean value indicating whether the dwPathLenConstraint field sets the maximum length of the certification path.
  • dwPathLenConstraint
    Maximum number of CA certificates that can follow this certificate in a certification validation path. A value of zero indicates that the subject of this certificate can issue certificates only to end entities and not to CAs.
  • cSubtreesConstraint
    Number of elements in the rgSubtreesConstraint array.
  • rgSubtreesConstraint
    Pointer to an array of CERT_NAME_BLOB structures establishing subtree constraints.
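
The following is an added example, not part of the original reference page: it shows how a path validator might apply SubjectType, fPathLenConstraint and dwPathLenConstraint once the structure has been decoded. The helper names (bc_subject_is_ca, bc_allows_chain, bc_sample) are hypothetical, the non-Windows typedefs are stand-ins mirroring wincrypt.h, treating an empty SubjectType as "not a CA" is an assumed conservative policy, and subtree constraints are not evaluated.

```c
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else  /* stand-ins mirroring wincrypt.h so the logic also builds off Windows */
#include <stddef.h>
typedef int BOOL; typedef unsigned int DWORD; typedef unsigned char BYTE;
typedef struct { DWORD cbData; BYTE *pbData; DWORD cUnusedBits; } CRYPT_BIT_BLOB;
typedef struct { DWORD cbData; BYTE *pbData; } CERT_NAME_BLOB;
typedef struct {
  CRYPT_BIT_BLOB SubjectType;
  BOOL fPathLenConstraint;
  DWORD dwPathLenConstraint;
  DWORD cSubtreesConstraint;
  CERT_NAME_BLOB *rgSubtreesConstraint;
} CERT_BASIC_CONSTRAINTS_INFO;
#define CERT_CA_SUBJECT_FLAG 0x80
#define CERT_END_ENTITY_SUBJECT_FLAG 0x40
#endif

/* Nonzero only if the CA bit is present in SubjectType. An empty bit
   string grants nothing, so it is treated as "not a CA" (assumed policy). */
static int bc_subject_is_ca(const CERT_BASIC_CONSTRAINTS_INFO *bc)
{
  if (bc == NULL || bc->SubjectType.cbData == 0 || bc->SubjectType.pbData == NULL)
    return 0;
  return (bc->SubjectType.pbData[0] & CERT_CA_SUBJECT_FLAG) != 0;
}

/* May this certificate sit above `cas_below` further CA certificates in the
   path being validated? dwPathLenConstraint is consulted only when
   fPathLenConstraint is set; otherwise its value is ignored. */
static int bc_allows_chain(const CERT_BASIC_CONSTRAINTS_INFO *bc, DWORD cas_below)
{
  if (!bc_subject_is_ca(bc))
    return 0;
  if (bc->fPathLenConstraint && cas_below > bc->dwPathLenConstraint)
    return 0;
  return 1;
}

/* Builds a constructed one-byte SubjectType from plain values and evaluates it. */
static int bc_sample(BYTE flags, BOOL has_len, DWORD len, DWORD cas_below)
{
  BYTE bits[1] = { flags };
  CERT_BASIC_CONSTRAINTS_INFO bc = { { 1, bits, 6 }, has_len, len, 0, NULL };
  return bc_allows_chain(&bc, cas_below);
}
```
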

Requirements

Header

wincrypt.h

See Also

Reference

Cryptography Structures
BLOB (Cryptography)
CERT_EXTENSION
CRYPT_BIT_BLOB