CERT_CHAIN_CONTEXT structure (wincrypt.h)
The CERT_CHAIN_CONTEXT structure contains an array of simple certificate chains and a trust status structure that indicates summary validity data on all of the connected simple chains.
Syntax
typedef struct _CERT_CHAIN_CONTEXT {
DWORD cbSize;
CERT_TRUST_STATUS TrustStatus;
DWORD cChain;
PCERT_SIMPLE_CHAIN *rgpChain;
DWORD cLowerQualityChainContext;
PCCERT_CHAIN_CONTEXT *rgpLowerQualityChainContext;
BOOL fHasRevocationFreshnessTime;
DWORD dwRevocationFreshnessTime;
DWORD dwCreateFlags;
GUID ChainId;
} CERT_CHAIN_CONTEXT, *PCERT_CHAIN_CONTEXT;
Members
cbSize
The size, in bytes, of this structure.
TrustStatus
A structure that indicates the combined trust status of the simple chains array. The structure includes an error status code and an information status code. For information about status code values, see CERT_TRUST_STATUS.
cChain
The number of simple chains in the array.
rgpChain
An array of pointers to simple chain structures. rgpChain[0] is the end certificate simple chain, and rgpChain[cChain–1] is the final chain. If the end certificate is to be considered valid, the final chain must begin with a certificate contained in the root store or an otherwise trusted, self-signed certificate. If the original chain begins with a trusted certificate, there will be only a single simple chain in the array.
cLowerQualityChainContext
The number of chains in the rgpLowerQualityChainContext array.
rgpLowerQualityChainContext
An array of pointers to CERT_CHAIN_CONTEXT structures. Returned when CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS is set in dwFlags.
fHasRevocationFreshnessTime
A Boolean value set to TRUE if dwRevocationFreshnessTime is available.
dwRevocationFreshnessTime
The largest CurrentTime, in seconds, minus the certificate revocation list's (CRL's) ThisUpdate of all elements checked.
dwCreateFlags
ChainId
Remarks
When a CERT_CHAIN_CONTEXT is built, the first simple chain begins with an end certificate and ends with a self-signed certificate. If that self-signed certificate is not a root or otherwise trusted certificate, an attempt is made to build a new chain. CTLs are used to create the new chain beginning with the self-signed certificate from the original chain as the end certificate of the new chain. This process continues building additional simple chains until the first self-signed certificate is a trusted certificate or until an additional simple chain cannot be built.
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Header | wincrypt.h |