When X509_ALTERNATE_NAME, szOID_SUBJECT_ALT_NAME, or szOID_ISSUER_ALT_NAME are used for the lpszStructType with CryptEncodeObject, CryptEncodeObjectEx, CryptDecodeObject, or CryptDecodeObjectEx the following details apply.
"2.5.29.7" (szOID_SUBJECT_ALT_NAME)
"2.5.29.8" (szOID_SUBJECT_ALT_NAME)
pvStructInfo points to a CERT_ALT_NAME_INFO.
Before encoding, the LPWSTR name choices are converted to IA5 strings. If a string contains an invalid IA5 string, then, *pcbEncoded is updated with the error location of the invalid character and LastError is set to CRYPT_E_INVALID_IA5_STRING.
The CryptEncodeObject or CryptEncodeObjectEx error location indices are returned in *pcbEncoded as follows:
The VALUE_INDEX of the error is located in bits 0 through 15. This is the unicode character index.
The ENTRY_INDEX of the error is located in bits 16 through 23.
Note Bit 0 is the least significant bit of the double word.
The following macros are defined to provide for easy reading of the bit mapped fields for VALUE_INDEX and ENTRY_INDEX from the double word that contains them:
GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X)
GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X)
The szOID_SUBJECT_ALT_NAME has been superseded by szOID_SUBJECT_ALT_NAME2. New certificate servers are implementing the latter.