RSA BSAFE Cert-C API Reference

Certificate Path Processing Service Provider

Use the Cert-C Certificate Path Processing service provider to implement certificate path processing. This service provider can implement certificate path processing in two ways. The first is based on the information in X.509 v1 certificates. This type of certificate path processing creates a chain of certificates using only the issuer name and serial number to verify that there is a path to a trusted certificate.

The second type of certificate path processing uses X.509 v3 certificate information and implements the PKIX and PKIX2 certificate path algorithms.

• The PKIX certificate path algorithm is described in the Certificate Path Validation Section in RFC 2459.
• The PKIX2 certificate path algorithm is described in draft-ietf-pkix-new-part1-12.txt that is also known as "son-of-2459."

To initialize or register the Cert-C Certificate Path Processing service provider, call either the C_InitializeCertC or C_RegisterService function. Both functions take SERVICE_HANDLER as a parameter. The Initialize member in SERVICE_HANDLER points to the S_InitializePKIXPath function and the corresponding parameter is NULL_PTR. This function initializes the Cert-C Certificate Path Processing service provider's implementation of the path processing functions and stores pointers to them in the path member in SERVICE_FUNCS, which is a CERT_PATH_FUNCS structure. S_InitializePKIXPath is never called directly by the application.

To use the Cert-C Certificate Path Processing service provider in an application, link in the certcsp library and include the pkixpath.h header file. The chain sample program uses this service provider.