SSL_EXTRA_CERT_CHAIN_POLICY_PARA structure

The SSL_EXTRA_CERT_CHAIN_POLICY_PARA structure, also identified by the name HTTPSPolicyCallbackData, holds policy information used in the verification of Secure Sockets Layer (SSL) client/server certificate chains.

Syntax

C++
Copy 

typedef struct _HTTPSPolicyCallbackData {
  union {
    DWORD cbStruct;
    DWORD cbSize;
  };
  DWORD dwAuthType;
  DWORD fdwChecks;
  WCHAR *pwszServerName;
} HTTPSPolicyCallbackData, *PHTTPSPolicyCallbackData, SSL_EXTRA_CERT_CHAIN_POLICY_PARA, *PSSL_EXTRA_CERT_CHAIN_POLICY_PARA;

Members

cbStruct

DWORD value that specifies the number of bytes in this structure.

cbSize

DWORD value that specifies the size, in bytes, of this structure.

dwAuthType

DWORD value that specifies the type of authentication. This member can be one of the following values.

ValueMeaning
AUTHTYPE_CLIENT
1

The client is being authenticated.

AUTHTYPE_SERVER
2

The server is being authenticated.

 

fdwChecks

DWORD value that specifies certificate errors to ignore. This can be a bitwise combination of the following flags.

ValueMeaning
SECURITY_FLAG_IGNORE_REVOCATION
0x00000080

Ignore errors associated with a revoked certificate.

SECURITY_FLAG_IGNORE_UNKNOWN_CA
0x00000100

Ignore errors associated with an unknown certification authority.

SECURITY_FLAG_IGNORE_WRONG_USAGE
0x00000200

Ignore errors associated with the use of a certificate.

SECURITY_FLAG_IGNORE_CERT_CN_INVALID
0x00001000

Ignore errors associated with a certificate that contains a common name that is not valid.

SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
0x00002000

Ignore errors associated with an expired certificate.

 

pwszServerName

A pointer to a null-terminated wide character string that contains the server name. This member is ignored if the value of the dwAuthType member is AUTHTYPE_CLIENT.

If the string is Punycode encoded, then the server name from the certificate, either the DNS name or common name, is converted to a Punycode encoded string. Matching is then performed, label-by-label if the name contains wildcards, or a case-insensitive exact match otherwise.

If the string contains Unicode characters outside of the ASCII character set and the subject name, either the DNS name or common name, is a Punycode encoded string then it is Punycode encoded before comparison.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header
Wincrypt.h

 

 

Show: