X509VerificationFlags Enum


Specifies conditions under which verification of certificates in the X509 chain should be conducted.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

public enum class X509VerificationFlags
public enum X509VerificationFlags
type X509VerificationFlags = 
Public Enum X509VerificationFlags


AllFlags 4095

All flags pertaining to verification are included.

AllowUnknownCertificateAuthority 16

Ignore that the chain cannot be verified due to an unknown certificate authority (CA).

IgnoreCertificateAuthorityRevocationUnknown 1024

Ignore that the certificate authority revocation is unknown when determining certificate verification.

IgnoreCtlNotTimeValid 2

Ignore that the certificate trust list (CTL) is not valid, for reasons such as the CTL having expired, when determining certificate verification.

IgnoreCtlSignerRevocationUnknown 512

Ignore that the certificate trust list (CTL) signer revocation is unknown when determining certificate verification.

IgnoreEndRevocationUnknown 256

Ignore that the end certificate (the user certificate) revocation is unknown when determining certificate verification.

IgnoreInvalidBasicConstraints 8

Ignore that the basic constraints are not valid when determining certificate verification.

IgnoreInvalidName 64

Ignore that the certificate has an invalid name when determining certificate verification.

IgnoreInvalidPolicy 128

Ignore that the certificate has an invalid policy when determining certificate verification.

IgnoreNotTimeNested 4

Ignore that the CA (certificate authority) certificate and the issued certificate have validity periods that are not nested when verifying the certificate. For example, the CA cert can be valid from January 1 to December 1 and the issued certificate from January 2 to December 2, which would mean the validity periods are not nested.

IgnoreNotTimeValid 1

Ignore certificates in the chain that are not valid either because they have expired or they are not yet in effect when determining certificate validity.

IgnoreRootRevocationUnknown 2048

Ignore that the root revocation is unknown when determining certificate verification.

IgnoreWrongUsage 32

Ignore that the certificate was not issued for the current use when determining certificate verification.

NoFlag 0

No flags pertaining to verification are included.


The following example opens the current user's personal certificate store, allows the user to select a certificate, then writes certificate and certificate chain information to the console. The output depends on the certificate you select.

// C++/CLI
// Output chain information of the selected certificate
// ("certificate" is the X509Certificate2 the user selected).
X509Chain ^ ch = gcnew X509Chain;
ch->ChainPolicy->RevocationMode = X509RevocationMode::Online;
ch->Build( certificate );
Console::WriteLine( "Chain Information" );
Console::WriteLine( "Chain revocation flag: {0}", ch->ChainPolicy->RevocationFlag );
Console::WriteLine( "Chain revocation mode: {0}", ch->ChainPolicy->RevocationMode );
Console::WriteLine( "Chain verification flag: {0}", ch->ChainPolicy->VerificationFlags );
Console::WriteLine( "Chain verification time: {0}", ch->ChainPolicy->VerificationTime );
Console::WriteLine( "Chain status length: {0}", ch->ChainStatus->Length );
Console::WriteLine( "Chain application policy count: {0}", ch->ChainPolicy->ApplicationPolicy->Count );
Console::WriteLine( "Chain certificate policy count: {0} {1}", ch->ChainPolicy->CertificatePolicy->Count, Environment::NewLine );

// C#
// Output chain information of the selected certificate
// ("certificate" is the X509Certificate2 the user selected).
X509Chain ch = new X509Chain();
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
ch.Build(certificate);
Console.WriteLine("Chain Information");
Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length);
Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

' Visual Basic
' Output chain information of the selected certificate
' ("certificate" is the X509Certificate2 the user selected).
Dim ch As New X509Chain()
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online
' Build the chain before reading its status, as the C++ and C# versions do.
ch.Build(certificate)
Console.WriteLine("Chain Information")
Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag)
Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode)
Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags)
Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime)
Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length)
Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count)
Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine)


These flags indicate the conditions under which chain verification should occur. For example, if an application does not require certificate time values in a chain to be valid, the IgnoreNotTimeValid flag can be used.
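The following C# program is an added example, not part of the original documentation. It shows why a set flag must be paired with an explicit check: AllowUnknownCertificateAuthority lets Build succeed for any self-signed certificate, so code that uses it for a private CA should confirm that the chain ends at the root it expects. The class and method names and the certificate subjects are hypothetical, the certificates are constructed in memory, and it assumes C# 8 or later on .NET Core 3.0 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedRootDemo
{
    // Constructed sample input: a throwaway self-signed certificate (hypothetical subject).
    static X509Certificate2 MakeSelfSigned(string cn)
    {
        using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
                                    DateTimeOffset.UtcNow.AddDays(30));
    }

    // Build() result under the given flags; revocation is off so the demo runs offline.
    static bool Builds(X509Certificate2 cert, X509VerificationFlags flags)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.VerificationFlags = flags;
        return chain.Build(cert);
    }

    // Accept a private root only if the chain really ends at the pinned certificate.
    static bool ChainsToPinnedRoot(X509Certificate2 cert, X509Certificate2 pinnedRoot)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.ExtraStore.Add(pinnedRoot);
        chain.ChainPolicy.VerificationFlags =
            X509VerificationFlags.AllowUnknownCertificateAuthority;
        if (!chain.Build(cert)) return false;   // expiry, usage, etc. still fail here
        X509Certificate2 root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        return root.RawData.SequenceEqual(pinnedRoot.RawData);
    }

    static void Main()
    {
        using X509Certificate2 pinned = MakeSelfSigned("constructed-pinned-root");
        using X509Certificate2 other = MakeSelfSigned("constructed-unrelated-root");
        Console.WriteLine("NoFlag, unrelated cert builds: {0}",
            Builds(other, X509VerificationFlags.NoFlag));
        Console.WriteLine("AllowUnknownCertificateAuthority, unrelated cert builds: {0}",
            Builds(other, X509VerificationFlags.AllowUnknownCertificateAuthority));
        Console.WriteLine("Pinned cert chains to pinned root: {0}", ChainsToPinnedRoot(pinned, pinned));
        Console.WriteLine("Unrelated cert chains to pinned root: {0}", ChainsToPinnedRoot(other, pinned));
    }
}
```

Revocation checking is disabled here only so the example runs without network access; the page's own sample uses X509RevocationMode.Online.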
