CERT_SELECT_CRITERIA structure (wincrypt.h)

The CERT_SELECT_CRITERIA structure specifies selection criteria that are passed to the CertSelectCertificateChains function.

Syntax

typedef struct _CERT_SELECT_CRITERIA {
  DWORD dwType;
  DWORD cPara;
  void  **ppPara;
} CERT_SELECT_CRITERIA, *PCERT_SELECT_CRITERIA;

Members

dwType

Specifies the type of selection criteria used for the ppPara member. This member can have one of the following values.

Value Meaning
CERT_SELECT_BY_ENHKEY_USAGE
1
Select certificates based on a specific enhanced key usage. When this flag is set, the ppPara member must reference a null-terminated object identifier (OID) ANSI string that specifies the enhanced key usage.

This criterion is evaluated on the certificate.

CERT_SELECT_BY_KEY_USAGE
2
Select certificates based on a specific szOID_KEY_USAGE extension in the certificate. When this flag is set, the ppPara member must reference a CERT_EXTENSION structure where the value of the extension is a DWORD that identifies the Key Usage bits.

This criterion is evaluated on the certificate.

CERT_SELECT_BY_POLICY_OID
3
Select certificates based on a specific issuance policy. The ppPara member must reference a null-terminated OID ANSI string of the desired issuance policy.

This criterion is evaluated on the issuance policy of the certificate chain.

CERT_SELECT_BY_PROV_NAME
4
Select certificates based on a specific private key provider. The ppPara member must reference a null-terminated Unicode string that represents the name of the provider.

CERT_SELECT_BY_EXTENSION
5
Select certificates based on the presence of a specified extension and an optional specified value. The ppPara member must reference a CERT_EXTENSION structure that specifies the extension OID and the associated value.

CERT_SELECT_BY_SUBJECT_HOST_NAME
6
Select certificates based on the Subject DNS HOST Name. The ppPara member must reference a null-terminated Unicode string that contains the subject host name. The selection performed based on this flag is the same as the evaluation of the pwszServerName member of the SSL_EXTRA_CERT_CHAIN_POLICY_PARA structure during a call to the CertVerifyCertificateChainPolicy function.

This criterion is evaluated on the certificate.

CERT_SELECT_BY_ISSUER_ATTR
7
Select certificates based on the relative distinguished name (RDN) element of the issuer of the certificate. The ppPara member must reference a CERT_RDN structure that contains the RDN element of the issuer.

This criterion is evaluated on the certificate chain.

CERT_SELECT_BY_SUBJECT_ATTR
8
Select certificates based on the RDN element in the Subject of the certificate. The ppPara member must be a reference to a CERT_RDN structure that contains the RDN element of the Subject.

This criterion is evaluated on the certificate.

CERT_SELECT_BY_ISSUER_NAME
9
Select certificates based on the issuer of the certificate. The ppPara member must be a reference to a CERT_NAME_BLOB structure that contains the name of the issuer.

This criterion is evaluated on the certificate chain.

CERT_SELECT_BY_PUBLIC_KEY
10
Select certificates based on the public key of the certificate. The ppPara member must reference a pointer to a CERT_PUBLIC_KEY_INFO structure that contains the public key.

This criterion is evaluated on the certificate.

CERT_SELECT_BY_TLS_SIGNATURES
11
Select certificates based on the Transport Layer Security protocol (TLS) Signature requirement. The ppPara member must reference a SecPkgContext_SupportedSignatures structure.

This criterion is evaluated on the certificate.

cPara

A DWORD value that specifies the number of search attributes specified in the ppPara member.

ppPara

A pointer to a pointer to one or more selection values. The data type depends on the selection type specified by the dwType member. If more than one selection value is present, an application must match only one value.
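
The following is an added example, not code from the original page. It shows how ppPara is laid out as an array of cPara pointers whose element type follows dwType, and checks the array before it is handed to CertSelectCertificateChains. The names build_criteria, first_bad_criterion, kEkuOids and kHosts, the sample host name, the non-Windows stand-in typedefs, and the policy of rejecting an entry with cPara equal to 0 are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else /* stand-ins so the example also builds off Windows; layout from the Syntax section */
typedef unsigned int DWORD;
typedef struct _CERT_SELECT_CRITERIA {
  DWORD dwType; DWORD cPara; void **ppPara;
} CERT_SELECT_CRITERIA;
#define CERT_SELECT_BY_ENHKEY_USAGE 1
#define CERT_SELECT_BY_SUBJECT_HOST_NAME 6
#endif

/* Constructed sample values. ppPara points at an ARRAY of cPara pointers, one per value. */
static const char *kEkuOids[] = {
  "1.3.6.1.5.5.7.3.2",      /* client authentication EKU */
  "1.3.6.1.4.1.311.20.2.2"  /* smart card logon EKU */
};
static const wchar_t *kHosts[] = { L"vpn.example.test" };

/* Fills out[0..1] and returns the number of entries filled. */
size_t build_criteria(CERT_SELECT_CRITERIA out[2]) {
  out[0].dwType = CERT_SELECT_BY_ENHKEY_USAGE;      /* values are ANSI OID strings */
  out[0].cPara  = 2;
  out[0].ppPara = (void **)kEkuOids;
  out[1].dwType = CERT_SELECT_BY_SUBJECT_HOST_NAME; /* value is a Unicode string */
  out[1].cPara  = 1;
  out[1].ppPara = (void **)kHosts;
  return 2;
}

/* Returns the index of the first malformed entry, or -1 if every entry is usable.
   Rejecting cPara == 0 is this example's policy, not something the page states. */
int first_bad_criterion(const CERT_SELECT_CRITERIA *c, size_t n) {
  for (size_t i = 0; i < n; i++) {
    if (c[i].dwType < 1 || c[i].dwType > 11) return (int)i; /* dwType values listed above */
    if (c[i].cPara == 0 || c[i].ppPara == NULL) return (int)i;
    for (DWORD j = 0; j < c[i].cPara; j++)
      if (c[i].ppPara[j] == NULL) return (int)i;
  }
  return -1;
}

int main(void) {
  CERT_SELECT_CRITERIA crit[2];
  size_t n = build_criteria(crit);
  /* On Windows, crit and n are the rgpCriteria and cCriteria arguments of CertSelectCertificateChains. */
  printf("first bad criterion: %d\n", first_bad_criterion(crit, n));
  return 0;
}
```

A mismatch between cPara and the real length of the ppPara array, or a pointer of the wrong type for dwType, cannot be detected from the structure alone, so the array and the count should be defined side by side as they are here.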

Requirements

Requirement Value
Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Header wincrypt.h