RSA BSAFE Cert-C

Certificate Components for C

Crypto-C 6.2.1 Developer's Guide
Search

BASIC_CONSTRAINTS Reference

Represents the Basic Constraints extension for X.509 certificates.

It indicates whether or not the subject of the certificate can act as a CA, and specifies the constraints on that authority. The default criticality for this extension is CRITICAL. A certificate can have only one Basic Constraints extension at a time. Use the BASIC_CONSTRAINTS structure with C_AddExtensionValue() and C_GetExtensionValue().

Samples:

extnhlp.c.

#include <certext.h> 

typedef struct BASIC_CONSTRAINTS {

  unsigned int subjectType;

  int          pathLenConstraint;
} BASIC_CONSTRAINTS;

Data Fields

unsigned int subjectType
 An unsigned int value that indicates whether or not the certificate subject can act as a CA. More...

int pathLenConstraint
 An int value that indicates the maximum number of CA certificates that can follow this certificate in a certification path. More...

Field Documentation

int pathLenConstraint
 

An int value that indicates the maximum number of CA certificates that can follow this certificate in a certification path. This field is meaningful only for a CA certificate.

  • If the subjectType is SUBJECT_TYPE_END_ENTITY, set this field to NOT_IN_USE. Cert-C will ignore it.

    Path-Length Constraint Description
    NOT_IN_USE Field is not used and should be ignored.

  • If the subjectType is SUBJECT_TYPE_CA, set this field to one of the following path-length constraints:

    Path-Length Constraint Description
    UNLIMITED_PATH_LEN The certification path length is unlimited; this certificate can be followed by any number of certificates.
    n The number of CA certificates allowed in the certification path.
    0 Only an end-entity certificate can follow in the path.

unsigned int subjectType
 

An unsigned int value that indicates whether or not the certificate subject can act as a CA. Set subjectType to one of the following types:

Subject Type Description
SUBJECT_TYPE_END_ENTITY Subject is an end entity.
SUBJECT_TYPE_CA Subject can act as a CA.

Copyright (c) 1999-2005 RSA Security Inc. All rights reserved. 067-001001-2720-001-000 - 2.7.2