CERT_BASIC_CONSTRAINTS_INFO (Compact 2013)
3/28/2014
This structure contains information indicating whether the certified subject can act as a certification authority (CA), an end entity, or both. If the subject can act as a CA, a certification path length constraint can also be specified, as can a set of subtrees that must contain all subject names of subsequent certificates in a certification chain. This extension is used in validating certificates used to sign other certificates.
The CryptDecodeObject function creates an instance of this structure when it decodes the Value member of a CERT_EXTENSION structure whose pszObjId member is set to szOID_BASIC_CONSTRAINTS.
Syntax
typedef struct _CERT_BASIC_CONSTRAINTS_INFO {
  CRYPT_BIT_BLOB SubjectType;
  BOOL fPathLenConstraint;
  DWORD dwPathLenConstraint;
  DWORD cSubtreesConstraint;
  CERT_NAME_BLOB* rgSubtreesConstraint;
} CERT_BASIC_CONSTRAINTS_INFO, *PCERT_BASIC_CONSTRAINTS_INFO;
Members
- SubjectType
CRYPT_BIT_BLOB structure that can contain a CERT_CA_SUBJECT_FLAG, which when set indicates that the certificate's subject can act as a CA; a CERT_END_ENTITY_SUBJECT_FLAG, which when set indicates that the certificate's subject can act as an end entity; or both, combined using a bitwise OR operation.
- fPathLenConstraint
Boolean value indicating whether the dwPathLenConstraint field sets the maximum length of the certification path.
- dwPathLenConstraint
Maximum number of CA certificates that can follow this certificate in a certification validation path. A value of zero indicates that the subject of this certificate can issue certificates only to end entities and not to CAs.
- cSubtreesConstraint
Number of elements in the rgSubtreesConstraint array.
- rgSubtreesConstraint
Pointer to an array of CERT_NAME_BLOB structures establishing subtree constraints.
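The following added example (not part of the original reference page) shows how a validator can apply SubjectType, fPathLenConstraint and dwPathLenConstraint to already-decoded structures along a certification path; it does not evaluate rgSubtreesConstraint. The helpers bc_may_issue and bc_check_chain, the BC shorthand and the sample data are hypothetical, and treating an absent extension as "not a CA" is an assumed policy. Outside Windows, the block declares stand-in types that mirror wincrypt.h so it can be compiled anywhere.

```c
#include <stddef.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else /* Assumption: stand-ins mirroring wincrypt.h so this builds off Windows. */
typedef unsigned char BYTE; typedef unsigned int DWORD; typedef int BOOL;
typedef struct { DWORD cbData; BYTE *pbData; DWORD cUnusedBits; } CRYPT_BIT_BLOB;
typedef struct { DWORD cbData; BYTE *pbData; } CERT_NAME_BLOB;
typedef struct _CERT_BASIC_CONSTRAINTS_INFO {
  CRYPT_BIT_BLOB SubjectType; BOOL fPathLenConstraint; DWORD dwPathLenConstraint;
  DWORD cSubtreesConstraint; CERT_NAME_BLOB *rgSubtreesConstraint;
} CERT_BASIC_CONSTRAINTS_INFO;
#define CERT_CA_SUBJECT_FLAG 0x80
#define CERT_END_ENTITY_SUBJECT_FLAG 0x40
#endif
typedef const CERT_BASIC_CONSTRAINTS_INFO BC; /* hypothetical shorthand */

/* Hypothetical helper: may this subject sign when ca_below CA certificates
   follow it in the path? NULL means the extension was absent (assumed: reject). */
int bc_may_issue(BC *bc, DWORD ca_below) {
  if (bc == NULL || bc->SubjectType.cbData == 0 || bc->SubjectType.pbData == NULL)
    return 0; /* absent extension or empty bit string: no CA flag to read */
  if (!(bc->SubjectType.pbData[0] & CERT_CA_SUBJECT_FLAG)) return 0;
  if (bc->fPathLenConstraint && ca_below > bc->dwPathLenConstraint) return 0;
  return 1;
}

/* Hypothetical helper: chain[0] is the top CA, chain[n-1] the end entity.
   Returns -1 if every issuer passes, else the index of the first that fails. */
int bc_check_chain(BC *const *chain, size_t n) {
  for (size_t i = 0; i + 1 < n; i++)
    if (!bc_may_issue(chain[i], (DWORD)(n - 2 - i))) return (int)i;
  return -1;
}

/* Constructed sample data, standing in for decoded extensions. */
static BYTE ca_bits[] = { CERT_CA_SUBJECT_FLAG }, ee_bits[] = { CERT_END_ENTITY_SUBJECT_FLAG };
static BC root = { {1, ca_bits, 6}, 0, 0, 0, NULL }; /* CA, no path limit */
static BC sub  = { {1, ca_bits, 6}, 1, 0, 0, NULL }; /* CA, path length 0 */
static BC leaf = { {1, ee_bits, 6}, 0, 0, 0, NULL }; /* end entity only   */
static BC *const ok_chain[]    = { &root, &sub, &leaf };
static BC *const deep_chain[]  = { &root, &sub, &sub, &leaf };
static BC *const rogue_chain[] = { &root, &leaf, &leaf };
int main(void) {
  printf("ok=%d deep=%d rogue=%d\n", bc_check_chain(ok_chain, 3),
         bc_check_chain(deep_chain, 4), bc_check_chain(rogue_chain, 3));
  return 0;
}
```

In deep_chain the first sub fails because one CA certificate follows it while its dwPathLenConstraint is zero; in rogue_chain the end-entity certificate fails because it is used as an issuer without CERT_CA_SUBJECT_FLAG.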
Requirements
Header: wincrypt.h
See Also
Reference
Cryptography Structures
BLOB (Cryptography)
CERT_EXTENSION
CRYPT_BIT_BLOB