CERT_BASIC_CONSTRAINTS_INFO structure (wincrypt.h)

The CERT_BASIC_CONSTRAINTS_INFO structure contains information that indicates whether the certified subject can act as a certification authority (CA), an end entity, or both. If the subject can act as a CA, a certification path-length constraint can also be specified, as can a set of subtrees that must contain all subject names of subsequent certificates in a certification chain. This extension is used in validating certificates used to sign other certificates.

The CryptDecodeObject function creates an instance of this structure when it decodes the Value member of a CERT_EXTENSION structure whose pszObjId member is set to szOID_BASIC_CONSTRAINTS.

Syntax

typedef struct _CERT_BASIC_CONSTRAINTS_INFO {
  CRYPT_BIT_BLOB SubjectType;
  BOOL           fPathLenConstraint;
  DWORD          dwPathLenConstraint;
  DWORD          cSubtreesConstraint;
  CERT_NAME_BLOB *rgSubtreesConstraint;
} CERT_BASIC_CONSTRAINTS_INFO, *PCERT_BASIC_CONSTRAINTS_INFO;

Members

SubjectType

A CRYPT_BIT_BLOB value can contain one of the following:

  • A CERT_CA_SUBJECT_FLAG that, when set, indicates that the certificate's subject can act as a CA.
  • A CERT_END_ENTITY_SUBJECT_FLAG that, when set, indicates that the certificate's subject can act as an end entity.
  • Both of the above, combined using a bitwise-OR operation.

fPathLenConstraint

A Boolean value that indicates whether the dwPathLenConstraint field sets the maximum length of the certification path.

dwPathLenConstraint

The maximum number of CA certificates that can follow this certificate in a certification validation path. A value of zero indicates that the subject of this certificate can issue certificates only to end entities and not to CAs.

cSubtreesConstraint

The number of elements in the rgSubtreesConstraint array.

rgSubtreesConstraint

An array of CERT_NAME_BLOB structures that establish subtree constraints.
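
The following is an added example, not Microsoft's code: it applies the SubjectType, fPathLenConstraint and dwPathLenConstraint members, as described above, to a chain of already decoded structures. The names bc_result, is_ca, check_chain and sample_bc are hypothetical, the non-Windows declarations are stand-ins assumed to mirror wincrypt.h, and the path-length check counts every later certificate whose SubjectType has the CA flag, following the member description literally.

```c
#include <stddef.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else /* assumption: stand-ins mirroring wincrypt.h so the check builds off Windows */
typedef int BOOL; typedef unsigned int DWORD; typedef unsigned char BYTE;
typedef struct { DWORD cbData; BYTE *pbData; DWORD cUnusedBits; } CRYPT_BIT_BLOB;
typedef struct { DWORD cbData; BYTE *pbData; } CERT_NAME_BLOB;
typedef struct _CERT_BASIC_CONSTRAINTS_INFO {
  CRYPT_BIT_BLOB SubjectType; BOOL fPathLenConstraint; DWORD dwPathLenConstraint;
  DWORD cSubtreesConstraint; CERT_NAME_BLOB *rgSubtreesConstraint;
} CERT_BASIC_CONSTRAINTS_INFO;
#define CERT_CA_SUBJECT_FLAG 0x80
#define CERT_END_ENTITY_SUBJECT_FLAG 0x40
#endif
enum bc_result { BC_OK, BC_ISSUER_NOT_CA, BC_PATH_TOO_LONG }; /* hypothetical codes */

/* True when the decoded SubjectType bit string is non-empty and has the CA flag set. */
static int is_ca(const CERT_BASIC_CONSTRAINTS_INFO *bc) {
  return bc->SubjectType.cbData >= 1 && bc->SubjectType.pbData != NULL &&
         (bc->SubjectType.pbData[0] & CERT_CA_SUBJECT_FLAG) != 0;
}

/* chain[0] is closest to the trust anchor; chain[n-1] is the certificate being validated.
   Every certificate except the last one has issued the next, so it must be a CA. */
enum bc_result check_chain(const CERT_BASIC_CONSTRAINTS_INFO *chain, size_t n) {
  for (size_t i = 0; i + 1 < n; i++) {
    if (!is_ca(&chain[i])) return BC_ISSUER_NOT_CA;
    if (!chain[i].fPathLenConstraint) continue; /* dwPathLenConstraint sets no limit */
    DWORD cas_after = 0;
    for (size_t j = i + 1; j < n; j++)           /* CA certificates that follow chain[i] */
      if (is_ca(&chain[j]) && ++cas_after > chain[i].dwPathLenConstraint)
        return BC_PATH_TOO_LONG;
  }
  return BC_OK;
}

/* Constructed sample: the decoded form of one certificate's extension, no subtrees. */
CERT_BASIC_CONSTRAINTS_INFO sample_bc(BYTE *type_byte, BOOL has_len, DWORD len) {
  return (CERT_BASIC_CONSTRAINTS_INFO){ { 1, type_byte, 6 }, has_len, len, 0, NULL };
}

int main(void) {
  BYTE ca = CERT_CA_SUBJECT_FLAG, ee = CERT_END_ENTITY_SUBJECT_FLAG;
  /* Constructed chain: the first CA allows zero CAs after it, yet one follows. */
  CERT_BASIC_CONSTRAINTS_INFO chain[3] = {
    sample_bc(&ca, 1, 0), sample_bc(&ca, 0, 0), sample_bc(&ee, 0, 0) };
  printf("result=%d\n", check_chain(chain, 3));
  return 0;
}
```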

Requirements

Requirement               Value
Minimum supported client  Windows XP [desktop apps only]
Minimum supported server  Windows Server 2003 [desktop apps only]
Header                    wincrypt.h

See also

CRYPT_BIT_BLOB

CRYPT_INTEGER_BLOB