This structure contains information indicating whether the certified subject can act as a certification authority (CA) or an end entity. If the subject can act as a CA, a certification path length constraint can also be specified.

The CryptDecodeObject function creates an instance of this structure when performed on a CERT_EXTENSION structure's Value member with the structure's pszObjId member set to szOID_BASIC_CONSTRAINTS2.

An instance of this structure can be used as input to the CryptEncodeObject function to create an appropriate CERT_EXTENSION structure.

BOOL fPathLenConstraint;
DWORD dwPathLenConstraint;


  • fCA
    Boolean indicating whether the certificate subject can act as a certification authority (CA) or not.
  • fPathLenConstraint
    Boolean indicating whether the dwPathLenConstraint field limits the maximum length of the certification path. Used only if fCA is TRUE.
  • dwPathLenConstraint
    Maximum number of CA certificates that can follow this certificate in a certification path. A value of zero indicates that the subject of this certificate can issue certificates only to end entities and not to other CAs. Used only if both fCA and fPathLenConstraint are TRUE.


Runs on Versions Defined in Include Link to
Windows CE OS 3.0 or later Wincrypt.h    

Note   This API is part of the complete Windows CE OS package as provided by Microsoft. The functionality of a particular platform is determined by the original equipment manufacturer (OEM) and some devices may not support this API.

See Also


 Last updated on Tuesday, July 13, 2004

© 1992-2000 Microsoft Corporation. All rights reserved.