This function performs the enabled verification checks on a certificate by checking the validity of the certificate's issuer. The new certificate chain verification functions are recommended instead this function.
BOOL WINAPI CertVerifySubjectCertificateContext( PCCERT_CONTEXT pSubject, PCCERT_CONTEXT pIssuer, DWORD *pdwFlags );
- [in] Pointer to a CERT_CONTEXT structure containing the subject's certificate.
- [in/optional] Pointer to a CERT_CONTEXT structure containing the issuer's certificate. When checking just CERT_STORE_TIME_VALIDITY_FLAG, the pIssuer parameter can be NULL.
- [in/out] Pointer to a DWORD contain verification check flags. The following flags can be set to enable verification checks on the subject certificate. They can also be combined using a bitwise OR operation to enable multiple verifications.
Value Description CERT_STORE_SIGNATURE_FLAG Uses the public key in the issuer's certificate to verify the signature on the subject certificate. CERT_STORE_TIME_VALIDITY_FLAG Gets the current time and verifies that it is within the subject certificate's validity period.
If an enabled verification check succeeds, its flag is set to zero. If it fails, then its flag is set upon return.
If CERT_STORE_REVOCATION_FLAG was enabled and the issuer does not have a CRL in the store, then CERT_STORE_NO_CRL_FLAG is set in addition to CERT_STORE_REVOCATION_FLAG.
If the function succeeds, the return value is TRUE.
If the function fails, the return value is FALSE.
For a verification check failure, TRUE is still returned. FALSE is returned only when a bad parameter is passed in.
For extended error information, call the GetLastError function. The following table lists one possible error code.
|E_INVALIDARG||An unsupported bit was set in the pdwFlags parameter. Any combination of CERT_STORE_SIGNATURE_FLAG, CERT_STORE_TIME_VALIDITY_FLAG, and CERT_STORE_REVOCATION_FLAG can be set. If the pIssuer parameter is NULL, only CERT_STORE_TIME_VALIDITY_FLAG can be set.|
The hexadecimal value of the flags can be combined using bitwise OR operations to enable multiple verifications. For example, to enable both signature and time validity, this value:
CERT_STORE_SIGNATURE_FLAG | CERT_STORE_TIME_VALIDITY_FLAG
is placed in the pdwFlags DWORD as an input parameter. If CERT_STORE_SIGNATURE_FLAG verification succeeds, but CERT_STORE_TIME_VALIDITY_FLAG verification fails, the pdwFlags parameter is set to CERT_STORE_TIME_VALIDITY_FLAG when the function returns.
|Runs on||Versions||Defined in||Include||Link to|
|Windows CE OS||3.0 or later||Wincrypt.h||Crypt32.lib|
Note This API is part of the complete Windows CE OS package as provided by Microsoft. The functionality of a particular platform is determined by the original equipment manufacturer (OEM) and some devices may not support this API.
Last updated on Tuesday, July 13, 2004
© 1992-2000 Microsoft Corporation. All rights reserved.