RSA BSAFE Cert-C
API Reference

NAME_CONSTRAINTS Reference

Contains a Name Constraints extension for X.509 v3 certificates.

This extension is used only in CA certificates. This extension describes the name space where all subject names of subsequent certificates in a certification path must be located. The name constraints can apply to a subject's DN or to a subject's alternative names. The default criticality for this extension is CRITICAL. A certificate can have only one Name Constraints extension at a time. The NAME_CONSTRAINTS structure is used with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Data Fields
permittedSubtreeCount An int value that specifies the number of elements in the permittedSubtrees array.
permittedSubtrees A pointer to a GENERAL_SUBTREE array that contains the subtrees that are to be permitted in the certification path. If permittedSubtrees is present, of all the certificates issued by the subject CA and subsequent CAs in the certification path, only those certificates with subject names within these subtrees are acceptable.
excludedSubtreeCount An int value that specifies the number of elements in the excludedSubtrees array.
excludedSubtrees A pointer to a GENERAL_SUBTREE array that contains the subtrees to exclude from the certification path. If excludedSubtrees is present, any certificate issued by the subject CA or subsequent CAs in the certification path that has a subject name within these subtrees is unacceptable.

Note: If both permittedSubtrees and excludedSubtrees are present and the name spaces overlap, the exclusion statement takes precedence.

#include <certext.h>

typedef struct NAME_CONSTRAINTS {
  unsigned int     permittedSubtreeCount;
  GENERAL_SUBTREE *permittedSubtrees;
  unsigned int     excludedSubtreeCount;
  GENERAL_SUBTREE *excludedSubtrees;
} NAME_CONSTRAINTS;
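
The permitted/excluded semantics and the precedence rule in the Note above, as an added example (not Cert-C code and not part of this reference). It covers DNS subject names only and uses a hypothetical DNS_CONSTRAINTS type holding plain strings, because the layout of GENERAL_SUBTREE is not shown on this page; the matching rule is the RFC 5280 dNSName rule, and all function names and sample values are constructed.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical stand-in holding only DNS subtrees as strings; this is
 * NOT Cert-C's NAME_CONSTRAINTS or GENERAL_SUBTREE. */
typedef struct {
    unsigned int permittedCount;
    const char **permitted;
    unsigned int excludedCount;
    const char **excluded;
} DNS_CONSTRAINTS;

/* Constructed sample: permit example.com but exclude dev.example.com. */
const char *SAMPLE_PERMIT[]  = { "example.com" };
const char *SAMPLE_EXCLUDE[] = { "dev.example.com" };
const DNS_CONSTRAINTS SAMPLE = { 1, SAMPLE_PERMIT, 1, SAMPLE_EXCLUDE };

static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* RFC 5280 dNSName rule: a name is within a subtree when it equals the
 * base or is the base with whole labels added on the left. */
static int dns_in_subtree(const char *name, const char *base)
{
    size_t n = strlen(name), b = strlen(base);
    if (n < b || !eq_nocase(name + (n - b), base)) return 0;
    /* Require a label boundary so "badexample.com" is not in "example.com". */
    return n == b || name[n - b - 1] == '.';
}

static int any_match(const char *name, const char **set, unsigned int count)
{
    for (unsigned int i = 0; i < count; i++)
        if (dns_in_subtree(name, set[i])) return 1;
    return 0;
}

/* Returns 1 if the DNS subject name is acceptable, 0 otherwise. With no
 * permitted subtrees, every name that is not excluded is acceptable. */
int dns_name_acceptable(const DNS_CONSTRAINTS *nc, const char *name)
{
    /* Exclusion is checked first: it wins over any overlapping permit. */
    if (any_match(name, nc->excluded, nc->excludedCount)) return 0;
    if (nc->permittedCount == 0) return 1;
    return any_match(name, nc->permitted, nc->permittedCount);
}
```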

The documentation for this struct was generated from the following file:


RSA BSAFE® Cert-C 2.7 API Reference