RSA Security logo

RSA BSAFE Cert-C
API Reference

BASIC_CONSTRAINTS Reference

Represents the Basic Constraints extension for X.509 certificates.

It indicates whether or not the subject of the certificate can act as a CA, and specifies the constraints on that authority. The default criticality for this extension is CRITICAL. A certificate can have only one Basic Constraints extension at a time. Use the BASIC_CONSTRAINTS structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Data Fields
subjectType An unsigned int value that indicates whether or not the certificate subject can act as a CA. Set subjectType to one of the following types:

Subject Type Description
SUBJECT_TYPE_END_ENTITY Subject is an end entity.
SUBJECT_TYPE_CA Subject can act as a CA.

pathLenConstraint An int value that indicates the maximum number of CA certificates that can follow this certificate in a certification path. This field is meaningful only for a CA certificate.
  • If the subjectType is SUBJECT_TYPE_END_ENTITY, set this field to NOT_IN_USE. Cert-C will ignore it.

    Path-Length Constraint Description
    NOT_IN_USE Field is not used and should be ignored.
  • If the subjectType is SUBJECT_TYPE_CA, set this field to one of the following path-length constraints:

    Path-Length Constraint Description
    UNLIMITED_PATH_LEN The certification path length is unlimited; this certificate can be followed by any number of certificates.
    n The number of CA certificates allowed in the certification path.
    0 Only an end-entity certificate can follow in the path.

#include <certext.h> 

01861 typedef struct BASIC_CONSTRAINTS {
01862   unsigned int subjectType;       /* either SUBJECT_TYPE_CA or SUBJECT_TYPE_END_ENTITY */
01863   int          pathLenConstraint; /* this field is ignored if value of subjectType
01864                                      is not SUBJECT_TYPE_CA.  If the value is
01865                                      UNLIMITED_PATH_LEN, then there is no limit to
01866                                      the length of the certificate path. Otherwise,
01867                                      it specifies the length of the certificate path */
01868 } BASIC_CONSTRAINTS;
The documentation for this struct was generated from the following file:

RSA BSAFE® Cert-C 2.7 API Reference