CERT_BASIC_CONSTRAINTS2_INFO

The CERT_BASIC_CONSTRAINTS2_INFO structure contains information indicating whether the certified subject may act as a CA or an end-entity. If the subject may act as a CA, a certification path length constraint may also be specified.

When the CryptDecodeObject or CryptDecodeObjectEx function is called on the Value member of a CERT_EXTENSION structure whose pszObjId member is set to "2.5.29.19", the function outputs a CERT_BASIC_CONSTRAINTS2_INFO structure.

typedef struct _CERT_BASIC_CONSTRAINTS2_INFO {
    BOOL                           fCA;
    BOOL                           fPathLenConstraint;
    DWORD                          dwPathLenConstraint;
} CERT_BASIC_CONSTRAINTS2_INFO, *PCERT_BASIC_CONSTRAINTS2_INFO;

Members

fCA
TRUE indicates a CA. FALSE indicates an end-entity.
fPathLenConstraint
A flag indicating that the dwPathLenConstraint field is to be used to limit the allowed length of the certification path.
dwPathLenConstraint
Indicates the maximum number of CA certificates that may follow this certificate in a certification path. A value of zero indicates that the subject of this certificate may issue certificates only to end-entities and not to further CAs.
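
The following is an added example, not part of the original documentation or Microsoft code. It shows how a verifier can apply the three decoded fields to a chain: every issuer must have fCA set, and dwPathLenConstraint bounds the number of CA certificates below it. The names struct bc_info and bc_check_chain and the sample chains are hypothetical, chosen so the code builds without wincrypt.h. As a simplifying assumption it counts every intermediate and makes no exemption for self-issued certificates.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the three decoded fields; mirrors CERT_BASIC_CONSTRAINTS2_INFO
   so the example builds without wincrypt.h (hypothetical type name). */
struct bc_info {
    int      fCA;                 /* nonzero: subject may act as a CA */
    int      fPathLenConstraint;  /* nonzero: dwPathLenConstraint applies */
    uint32_t dwPathLenConstraint; /* max CA certificates that may follow */
};

enum bc_result { BC_OK = 0, BC_ISSUER_NOT_CA, BC_PATH_TOO_LONG };

/* chain[0] is the end-entity; chain[1..n-1] are its issuers up to the root.
   A certificate without the extension is passed as {0, 0, 0} (not a CA).
   On failure, *bad receives the index of the offending certificate. */
enum bc_result bc_check_chain(const struct bc_info *chain, size_t n, size_t *bad)
{
    for (size_t i = 1; i < n; i++) {
        /* Every certificate used to sign another one must be marked as a CA. */
        if (!chain[i].fCA) { *bad = i; return BC_ISSUER_NOT_CA; }
        /* i - 1 CA certificates sit between chain[i] and the end-entity. */
        if (chain[i].fPathLenConstraint &&
            i - 1 > chain[i].dwPathLenConstraint) {
            *bad = i; return BC_PATH_TOO_LONG;
        }
    }
    return BC_OK;
}

/* Constructed sample chains (leaf first), not taken from real certificates. */
static const struct bc_info ok_chain[] = {
    {0, 0, 0}, {1, 1, 0}, {1, 1, 1}, {1, 0, 0} };
static const struct bc_info leaf_as_issuer[] = {
    {0, 0, 0}, {0, 0, 0}, {1, 0, 0} };
static const struct bc_info too_deep[] = {
    {0, 0, 0}, {1, 0, 0}, {1, 1, 0}, {1, 0, 0} };

int main(void)
{
    size_t bad = 0;
    enum bc_result r = bc_check_chain(ok_chain, 4, &bad);
    printf("ok_chain: result %d\n", (int)r);
    r = bc_check_chain(leaf_as_issuer, 3, &bad);
    printf("leaf_as_issuer: result %d at index %zu\n", (int)r, bad);
    r = bc_check_chain(too_deep, 4, &bad);
    printf("too_deep: result %d at index %zu\n", (int)r, bad);
    return 0;
}
```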