Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
4/8/2010

This structure sets parameters for building a non-default certificate chain engine. The engine determines the ways that certificate chains are built.

Syntax

typedef struct _CERT_CHAIN_ENGINE_CONFIG {
  DWORD       cbSize;
  HCERTSTORE  hRestrictedRoot;
  HCERTSTORE  hRestrictedTrust;
  HCERTSTORE  hRestrictedOther;
  DWORD       cAdditionalStore;
  HCERTSTORE* rghAdditionalStore;
  DWORD       dwFlags;
  DWORD       dwUrlRetrievalTimeout;
  DWORD       MaximumCachedCertificates;
  DWORD       CycleDetectionModulus;
} CERT_CHAIN_ENGINE_CONFIG, *PCERT_CHAIN_ENGINE_CONFIG;

Members

cbSize

Size of this structure in bytes.

hRestrictedRoot

This parameter can be used to restrict the root store. If used, it can be the handle of any HCERTSTORE containing only a proper subset of the certificates in the root store.

hRestrictedTrust

Store handle. If used, restricts the stores searched to find certificate trust lists (CTLs).

hRestrictedOther

Store handle. If used, restricts the stores searched for certificates.

cAdditionalStore

Count of additional stores to be searched for certificates needed to build chains.

rghAdditionalStore

Pointer to an array of store handles for any additional stores to be searched in building chains.

dwFlags

The following table shows the flags defined for this member.

Value Description

CERT_CHAIN_CACHE_END_CERT

Information in the end certificate is cached. By default, information in all certificates except the end certificate is cached as a chain is built. Setting this flag extends the caching to the end certificate.

CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL

Uses only cached URLs in building a certificate chain. The Internet and intranet are not searched for URL-based objects.

CERT_CHAIN_USE_LOCAL_MACHINE_STORE

Builds the chain using the LocalMachine registry location as opposed to the CurrentUser location.

dwUrlRetrievalTimeout

Number of microseconds before a time-out for network-based URL object retrievals. Can be set to zero to use the default limit.

MaximumCachedCertificates

Limit on the number of certificates that can be cached as a chain is built. Can be set to zero to use the default limit.

CycleDetectionModulus

Number of certificates added to the chain before a check is made to determine if there is a cycle of certificates in the chain. A cycle may be defined as having the same certificate in two different places in a chain.

The lower the number, the more frequently checks will be made. Extra checking for cycles of certificates will slow the process considerably. This parameter can be set to zero to use the default limit.

Remarks

The chain-building engine uses four certificate stores in building chains. These are hRoot, hWorld, hTrust, and hOther. The handles of these stores are established using information in this structure when a chain engine is created.

hRoot is the store handle from hRestrictedRoot or, if hRestrictedRoot is NULL, the handle for System Store Root.

hWorld is a collection certificate store including sibling stores hRoot, CA, My, Trust, and any additional stores whose handles are in the array pointed to by rghAdditionalStore.

hTrust is the store handle from hRestrictedTrust or, if hRestrictedTrust is NULL, the store handle is hWorld.

hOther is hRestrictedOther plus hRoot or, if hRestrictedTrust is non-NULL, the hWorld collection store plus the store handle from hRestrictedTrust.
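The following is an added example, not part of the original reference page: it fills the structure for an engine whose trust anchors are limited to a caller-supplied store and which uses only cached URL objects, then passes it to the Win32 function CertCreateCertificateChainEngine. The helper names init_pinned_offline_config and create_pinned_engine are hypothetical, and the non-Windows stand-in declarations (including the flag value, taken from the desktop wincrypt.h) are assumptions that exist only so the setup logic can be built off Windows.

```c
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>                 /* link with crypt32.lib */
#else
/* Stand-ins (assumption) so the setup logic compiles off Windows; the struct
   mirrors the declaration on this page, the flag value is the desktop one. */
typedef unsigned int DWORD;
typedef void *HCERTSTORE;
typedef struct _CERT_CHAIN_ENGINE_CONFIG {
    DWORD cbSize;
    HCERTSTORE hRestrictedRoot, hRestrictedTrust, hRestrictedOther;
    DWORD cAdditionalStore;
    HCERTSTORE *rghAdditionalStore;
    DWORD dwFlags, dwUrlRetrievalTimeout;
    DWORD MaximumCachedCertificates, CycleDetectionModulus;
} CERT_CHAIN_ENGINE_CONFIG;
#define CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL 0x00000004
#endif

/* Hypothetical helper: fill cfg so that hRoot is pinnedRoots (which, per the
   member description, must hold only a subset of the system root store) and
   no network retrieval is attempted. Returns 0 on success, -1 on bad input. */
int init_pinned_offline_config(CERT_CHAIN_ENGINE_CONFIG *cfg, HCERTSTORE pinnedRoots,
                               HCERTSTORE *extra, DWORD nExtra)
{
    if (!cfg || !pinnedRoots) return -1;   /* NULL would fall back to System Store Root */
    if ((nExtra != 0) != (extra != NULL)) return -1;  /* count and array must agree */
    memset(cfg, 0, sizeof(*cfg));          /* zero selects defaults for timeout, cache, cycle */
    cfg->cbSize = sizeof(*cfg);
    cfg->hRestrictedRoot = pinnedRoots;
    cfg->cAdditionalStore = nExtra;
    cfg->rghAdditionalStore = extra;       /* searched as part of hWorld */
    cfg->dwFlags = CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL;
    return 0;
}

#ifdef _WIN32
/* Create the engine; release it with CertFreeCertificateChainEngine. */
HCERTCHAINENGINE create_pinned_engine(HCERTSTORE pinnedRoots)
{
    CERT_CHAIN_ENGINE_CONFIG cfg;
    HCERTCHAINENGINE engine = NULL;
    if (init_pinned_offline_config(&cfg, pinnedRoots, NULL, 0) != 0) return NULL;
    return CertCreateCertificateChainEngine(&cfg, &engine) ? engine : NULL;
}
#endif
```

Rejecting a NULL root handle matters because, as the Remarks state, a NULL hRestrictedRoot silently selects the full system root store rather than failing.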

Requirements

Header: wincrypt.h
Windows Embedded CE: Windows CE 3.0 and later
Windows Mobile: Windows Mobile Version 5.0 and later