CERT_SELECT_CHAIN_PARA structure (wincrypt.h)
The CERT_SELECT_CHAIN_PARA structure contains the parameters used for building and selecting chains. This structure is used by the CertGetCertificateChain and CertSelectCertificateChains functions.
Syntax
typedef struct _CERT_SELECT_CHAIN_PARA {
HCERTCHAINENGINE hChainEngine;
PFILETIME pTime;
HCERTSTORE hAdditionalStore;
PCERT_CHAIN_PARA pChainPara;
DWORD dwFlags;
} CERT_SELECT_CHAIN_PARA, *PCERT_SELECT_CHAIN_PARA;
Members
hChainEngine
The handle of the chain engine to use to build the chain. If the value of the hChainEngine parameter is NULL, the default chain engine, HCCE_CURRENT_USER, is used.
pTime
A pointer to a FILETIME structure that contains the time for which the chain is to be validated. If the value of the pTime parameter is NULL, the current system time is passed to this parameter.
hAdditionalStore
The handle of any additional store to search for supporting certificates and certificate trust lists (CTLs). This parameter can be NULL if no additional store is to be searched.
pChainPara
A pointer to a CERT_CHAIN_PARA structure that includes chain-building parameters.
dwFlags
Flag values that indicate special processing during chain build.
Remarks
Trust in a particular certificate being a trusted root is based on the current state of the root store and not the state of the root store at a time passed in by this parameter. For revocation, a certificate revocation list (CRL), itself, must be valid at the current time. The value of this parameter is used to determine whether a certificate listed in a CRL has been revoked.
The following remarks apply to strong signature checking:
- You can enable strong signature checking by using the CERT_CHAIN_PARA structure referenced by the pChainPara member. The pStrongSignPara member of the CERT_CHAIN_PARA structure points to a CERT_STRONG_SIGN_PARA structure that can be used to determine signature strength.
- When you enable strong checking and a weak signature is encountered, the CERT_TRUST_IS_NOT_SIGNATURE_VALID and CERT_TRUST_HAS_WEAK_SIGNATURE errors are set in the dwErrorStatus field of the CERT_TRUST_STATUS structure.
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows 7 [desktop apps only] |
Minimum supported server | Windows Server 2008 R2 [desktop apps only] |
Header | wincrypt.h |