Expand Minimize

WSD_SECURITY_CERT_VALIDATION structure

Represents the criteria for matching client certificates against those of an HTTPS server.

Do not use WSD_SECURITY_CERT_VALIDATION_V1 directly in your code; using WSD_SECURITY_CERT_VALIDATION instead ensures that the proper version, based on the Windows version.

Syntax


typedef struct _WSD_SECURITY_CERT_VALIDATION {
  PCCERT_CONTEXT *certMatchArray;
  DWORD          dwCertMatchArrayCount;
  HCERTSTORE     hCertMatchStore;
  HCERTSTORE     hCertIssuerStore;
  DWORD          dwCertCheckOptions;
} WSD_SECURITY_CERT_VALIDATION;

Members

certMatchArray

An array of CERT_CONTEXT structures that contain certificates to be matched against those provided by the HTTPS server or client. Only one matching certificate is required for validatation. This parameter can be NULL.

dwCertMatchArrayCount

The count of certificates in certMatchArray.

hCertMatchStore

A handle to a certificate store that contains certificates to be matched against those provided by the HTTPS server or client. Only one matching certificate is required for validatation. This parameter can be NULL.

hCertIssuerStore

A handle to a certificate store that contains root certificates against which a certificate from the HTTPS server or client should chain to. Validation succeeds as long as the certificate chains up to at least one root certificate. This parameter can be NULL.

dwCertCheckOptions

A bitwise OR combination of values that specify which certificate checks to ignore.

ValueMeaning
WSDAPI_SSL_CERT_DEFAULT_CHECKS
0x0

Handle any revoked certificate errors.

WSDAPI_SSL_CERT_IGNORE_REVOCATION
0x1

Ignore revoked certificate errors.

WSDAPI_SSL_CERT_IGNORE_EXPIRY
0x2

Ignore expired certificate errors.

WSDAPI_SSL_CERT_IGNORE_WRONG_USAGE
0x4

Ignore certificate use errors.

WSDAPI_SSL_CERT_IGNORE_UNKNOWN_CA
0x8

Ignore unknown certificate authority errors.

WSDAPI_SSL_CERT_IGNORE_INVALID_CN
0x10

Ignore invalid common name certificate errors.

 

Remarks

This structure is used in the pConfigData member of the WSD_CONFIG_PARAM structure.

When the configParamType of WSD_CONFIG_PARAM is WSD_SECURITY_SSL_SERVER_CERT_VALIDATION, this structure can be used to validate SSL server certificates presented by an SSL server.

When the configParamType of WSD_CONFIG_PARAM is WSD_SECURITY_SSL_CLIENT_CERT_VALIDATION, this structure can be used to validate SSL client certificates presented by an SSL client.

WSD_SECURITY_CERT_VALIDATION defines 3 certificate matching mechanisms. To obtain a match, at least one such mechanism must be satisfied.

If the application is built using Windows 8 SDK targeted for Windows 8 OS, WSD_SECURITY_CERT_VALIDATION resolves into the new structure. However, as a result, the application can then only run on Windows 8 machines.

If the application is built using Windows 8 SDK targeted for Windows 7 OS, WSD_SECURITY_CERT_VALIDATION will resolve into the old structure (WSD_SECURITY_CERT_VALIDATION_V1). While it's a given that the application will be supported for Windows 7, it also on Windows 8 since wsdapi.dll on Windows 8 will handle both the old and the newer versions of this structure.

An application already built using Windows 7 SDK will use the old version of this structure. It will run fine on Windows 8 since wsdapi.dll on Windows 8 can handle both versions.

Requirements

Minimum supported client

Windows 7 [desktop apps only]

Minimum supported server

Windows Server 2008 R2 [desktop apps only]

Header

Wsdbase.h (include Windows.h)

 

 

Community Additions

ADD
Show:
© 2014 Microsoft