Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

A version of this page is also available for

4/8/2010

This structure contains information indicating whether the certified subject can act as a certification authority (CA), an end entity, or both. If the subject can act as a CA, a certification path length constraint can also be specified, as can a set of subtrees that must contain all subject names of subsequent certificates in a certification chain. This extension is used in validating certificates used to sign other certificates.

The CryptDecodeObjectfunction creates an instance of this structure when performed on a CERT_EXTENSIONstructure's Valuemember with the structure's pszObjIdmember set to szOID_BASIC_CONSTRAINTS.

Syntax


typedef struct _CERT_BASIC_CONSTRAINTS_INFO { CRYPT_BIT_BLOB SubjectType; BOOL fPathLenConstraint; DWORD dwPathLenConstraint; DWORD cSubtreesConstraint; CERT_NAME_BLOB* rgSubtreesConstraint; } CERT_BASIC_CONSTRAINTS_INFO, *PCERT_BASIC_CONSTRAINTS_INFO;

typedef struct _CERT_BASIC_CONSTRAINTS_INFO {
  CRYPT_BIT_BLOB 
SubjectType;
  BOOL 
fPathLenConstraint;
  DWORD 
dwPathLenConstraint;
  DWORD 
cSubtreesConstraint;
  CERT_NAME_BLOB* 
rgSubtreesConstraint;
} CERT_BASIC_CONSTRAINTS_INFO, *PCERT_BASIC_CONSTRAINTS_INFO;

Members

SubjectType: CRYPT_BIT_BLOBstructure can contain a CERT_CA_SUBJECT_FLAG that when set indicates that the certificate's subject can act as a CA, a CERT_END_ENTITY_SUBJECT_FLAG that when set indicates that the certificate's subject can act as an end entity, or both combined using a bitwise ORoperation.

fPathLenConstraint: Boolean value indicating whether the dwPathLenConstraintfield sets the maximum length of the certification path.

dwPathLenConstraint: Maximum number of CA certificates that can follow this certificate in a certification validation path. A value of zero indicates that the subject of this certificate can issue certificates only to end entities and not to CAs.

cSubtreesConstraint: Number of elements in the rgSubtreesConstraintarray.

rgSubtreesConstraint: Pointer to an array of CERT_NAME_BLOBstructures establishing subtree constraints.

Requirements

Header	wincrypt.h
Windows Embedded CE	Windows CE 3.0 and later
Windows Mobile	Windows Mobile Version 5.0 and later

Syntax

Members

Requirements

See Also

Reference