The CAPICOM_CHECK_FLAG enumeration type defines the conditions for which a certificate chain is to be checked.
|CAPICOM_CHECK_NONE||No validity checking is done.
|CAPICOM_CHECK_TRUSTED_ROOT||Checks for a trusted root of the certificate chain.
|CAPICOM_CHECK_TIME_VALIDITY||Checks the time validity of all certificates in the chain.
|CAPICOM_CHECK_SIGNATURE_VALIDITY||Checks for valid signatures on all certificates in the chain.
|CAPICOM_CHECK_ONLINE_REVOCATION_STATUS||Checks the revocation status of all certificates in the chain using certificate revocation lists (CRLs) available online. CRLs are downloaded using the CRL distribution point (CDP) extension in the certificate.
If the CRL has been downloaded and has not expired, CAPICOM uses it and does not go online. If a CRL has not been downloaded or is out of date, CAPICOM goes online to attempt to download the CRL.
This flag is ignored if CAPICOM_CHECK_OFFLINE_REVOCATION_STATUS is also specified.
|CAPICOM_CHECK_OFFLINE_REVOCATION_STATUS||Checks the revocation status of all certificates in the chain using only offline CRLs.
|CAPICOM_CHECK_COMPLETE_CHAIN||Checks the complete chain. Introduced in CAPICOM 2.0.
|CAPICOM_CHECK_NAME_CONSTRAINTS||Checks name constraints. Introduced in CAPICOM 2.0.
|CAPICOM_CHECK_BASIC_CONSTRAINTS||Checks basic constraints. Introduced in CAPICOM 2.0.
|CAPICOM_CHECK_NESTED_VALIDITY_PERIOD||Checks nested validity. Introduced in CAPICOM 2.0.
|CAPICOM_CHECK_ONLINE_ALL||Checks all conditions except CAPICOM_CHECK_OFFLINE_REVOCATION_STATUS. Revocation checks are performed on all certificates in the chain except for the root certificate. Introduced in CAPICOM 2.0.
|CAPICOM_CHECK_OFFLINE_ALL||Checks all conditions except CAPICOM_CHECK_ONLINE_REVOCATION_STATUS. Revocation checks are performed on all certificates in the chain except for the root certificate. Introduced in CAPICOM 2.0.
||CAPICOM 2.0 or later on Windows Server 2003 and Windows XP