Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
A version of this page is also available for
4/8/2010

This structure contains information indicating whether the certified subject can act as a certification authority (CA), an end entity, or both. If the subject can act as a CA, a certification path length constraint can also be specified, as can a set of subtrees that must contain all subject names of subsequent certificates in a certification chain. This extension is used in validating certificates used to sign other certificates.

The CryptDecodeObjectfunction creates an instance of this structure when performed on a CERT_EXTENSIONstructure's Valuemember with the structure's pszObjIdmember set to szOID_BASIC_CONSTRAINTS.

Syntax

typedef struct _CERT_BASIC_CONSTRAINTS_INFO {
  CRYPT_BIT_BLOB 
SubjectType;
  BOOL 
fPathLenConstraint;
  DWORD 
dwPathLenConstraint;
  DWORD 
cSubtreesConstraint;
  CERT_NAME_BLOB* 
rgSubtreesConstraint;
} CERT_BASIC_CONSTRAINTS_INFO, *PCERT_BASIC_CONSTRAINTS_INFO;

Members

SubjectType

CRYPT_BIT_BLOBstructure can contain a CERT_CA_SUBJECT_FLAG that when set indicates that the certificate's subject can act as a CA, a CERT_END_ENTITY_SUBJECT_FLAG that when set indicates that the certificate's subject can act as an end entity, or both combined using a bitwise ORoperation.

fPathLenConstraint

Boolean value indicating whether the dwPathLenConstraintfield sets the maximum length of the certification path.

dwPathLenConstraint

Maximum number of CA certificates that can follow this certificate in a certification validation path. A value of zero indicates that the subject of this certificate can issue certificates only to end entities and not to CAs.

cSubtreesConstraint

Number of elements in the rgSubtreesConstraintarray.

rgSubtreesConstraint

Pointer to an array of CERT_NAME_BLOBstructures establishing subtree constraints.

Requirements

Header wincrypt.h
Windows Embedded CE Windows CE 3.0 and later
Windows Mobile Windows Mobile Version 5.0 and later

See Also