Edit

Share via

CERT_CHAIN_POLICY_STATUS structure (wincrypt.h)

  • Article

The CERT_CHAIN_POLICY_STATUS structure holds certificate chain status information returned by the CertVerifyCertificateChainPolicy function when the certificate chains are validated.

Syntax

typedef struct _CERT_CHAIN_POLICY_STATUS {
  DWORD cbSize;
  DWORD dwError;
  LONG  lChainIndex;
  LONG  lElementIndex;
  void  *pvExtraPolicyStatus;
} CERT_CHAIN_POLICY_STATUS, *PCERT_CHAIN_POLICY_STATUS;

Members

cbSize

The size, in bytes, of this structure.

dwError

A value that indicates that an error or invalid condition was encountered during the validation process. The values of this member are specific to the policy type as specified by the value of the pszPolicyOID parameter of the CertVerifyCertificateChainPolicy function.

Base Policy errors (CERT_CHAIN_POLICY_BASE)

Value Meaning
TRUST_E_CERT_SIGNATURE
0x80096004L
 The signature of the certificate cannot be verified.
CRYPT_E_REVOKED
0x80092010L
 The certificate or signature has been revoked.
CERT_E_UNTRUSTEDROOT
0x800B0109L
 A certification chain processed correctly but terminated in a root certificate that is not trusted by the trust provider.
CERT_E_UNTRUSTEDTESTROOT
0x800B010DL
 The root certificate is a testing certificate, and policy settings disallow test certificates.
CERT_E_CHAINING
0x800B010AL
 A chain of certificates was not correctly created.
CERT_E_WRONG_USAGE
0x800B0110L
 The certificate is not valid for the requested usage.
CERT_E_EXPIRED
0x800B0101L
 A required certificate is not within its validity period.
CERT_E_INVALID_NAME
0x800B0114L
 The certificate has an invalid name. Either the name is not included in the permitted list, or it is explicitly excluded.
CERT_E_INVALID_POLICY
0x800B0113L
 The certificate has an invalid policy.
TRUST_E_BASIC_CONSTRAINTS
0x80096019L
 The basic constraints of the certificate are not valid, or they are missing.
CERT_E_CRITICAL
0x800B0105L
 The certificate is being used for a purpose other than the purpose specified by its CA.
CERT_E_VALIDITYPERIODNESTING
0x800B0102L
 The validity periods of the certification chain do not nest correctly.
CRYPT_E_NO_REVOCATION_CHECK
0x80092012L
 The revocation function was unable to check revocation for the certificate.
CRYPT_E_REVOCATION_OFFLINE
0x80092013L
 The revocation function was unable to check revocation because the revocation server was offline.
 

Basic Constraints Policy errors (CERT_CHAIN_POLICY_BASIC_CONSTRAINTS).

Value Meaning
TRUST_E_BASIC_CONSTRAINTS
0x80096019L
 The basic constraints of the certificate are not valid, or they are missing.
 

Authenticode Policy errors (CERT_CHAIN_POLICY_AUTHENTICODE and CERT_CHAIN_POLICY_AUTHENTICODE_TS).

These errors are in addition to the Base Policy errors.

Value Meaning
CERT_E_PURPOSE
0x800B0106L
 The certificate is being used for a purpose other than one specified by the issuing CA.
CERT_E_REVOKED
0x800B010CL
 The certificate has been explicitly revoked by the issuer.
CERT_E_REVOCATION_FAILURE
0x800B010EL
 The revocation process could not continue, and the certificate could not be checked.
 

SSL Policy errors (CERT_CHAIN_POLICY_SSL).

These errors are in addition to the Base Policy errors.

Value Meaning
CERT_E_UNTRUSTEDROOT
0x800B0109L
 A certification chain processed correctly but terminated in a root certificate that is not trusted by the trust provider.
CERT_E_CN_NO_MATCH
0x800B010FL
 The certificate's CN name does not match the passed value.
CERT_E_PURPOSE
0x800B0106L
 The certificate is being used for a purpose other than the purposes specified by its CA.
CERT_E_ROLE
0x800B0103L
 A certificate that can only be used as an end-entity is being used as a CA or vice versa.
 

Microsoft Root Policy errors (CERT_CHAIN_POLICY_MICROSOFT_ROOT).

Value Meaning
CERT_E_UNTRUSTEDROOT
0x800B0109L
 A certification chain processed correctly but terminated in a root certificate that is not trusted by the trust provider.
 

EV Policy errors.

Value Meaning
CERT_E_CHAINING
0x800B010AL
 The certificate chain to a trusted root authority could not be built.
CERT_E_WRONG_USAGE
0x800B0110L
 The certificate is not valid for the requested usage.

lChainIndex

Index that indicates the chain in which an error or condition that is not valid was found. For more information, see Remarks.

lElementIndex

Index that indicates the element in a chain where an error or condition that is not valid was found. For more information, see Remarks.

pvExtraPolicyStatus

A pointer to a structure. The structure type is determined by the value of the pszPolicyOID parameter of the CertVerifyCertificateChainPolicy function. In addition to dwError errors, policy OID–specific extra status can also be returned here to provide additional chain status information. This pointer can be optionally set to point to an AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_STATUS structure.

Remarks

If both lChainIndex and lElementIndex are set to –1, the error or condition that is not valid applies to the whole chain context. If only lElementIndex is set to –1, the error or condition that is not valid applies to the chain indexed by lChainIndex. Otherwise, the error or condition that is not valid applies to the certificate element at pChainContext->rgpChain[lChainIndex]->rgpElement[lElementIndex].

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Header wincrypt.h