X509VerificationFlags 列舉

定義

指定應該進行 X509 鏈結中之憑證驗證的條件。Specifies conditions under which verification of certificates in the X509 chain should be conducted.

此列舉具有 FlagsAttribute 個屬性允許以位元方式合併其成員值。

public enum class X509VerificationFlags
public enum X509VerificationFlags
[System.Flags]
public enum X509VerificationFlags
type X509VerificationFlags = 
Public Enum X509VerificationFlags
繼承
X509VerificationFlags
屬性

欄位

AllFlags 4095

所有驗證相關的旗標全部都包含在內。All flags pertaining to verification are included.

AllowUnknownCertificateAuthority 16

忽略因憑證授權單位 (CA) 不明而導致鏈結無法通過驗證的情形。Ignore that the chain cannot be verified due to an unknown certificate authority (CA).

IgnoreCertificateAuthorityRevocationUnknown 1024

判斷憑證是否通過驗證時,忽略憑證授權單位撤銷狀態不明的情況。Ignore that the certificate authority revocation is unknown when determining certificate verification.

IgnoreCtlNotTimeValid 2

判斷憑證是否通過驗證時,忽略憑證信任清單 (CTL) 無效的狀況,例如 CTL 過期等等。Ignore that the certificate trust list (CTL) is not valid, for reasons such as the CTL has expired, when determining certificate verification.

IgnoreCtlSignerRevocationUnknown 512

判斷憑證是否通過驗證時,忽略憑證信任清單 (CTL) 簽署者撤銷狀態不明的情況。Ignore that the certificate trust list (CTL) signer revocation is unknown when determining certificate verification.

IgnoreEndRevocationUnknown 256

判斷憑證是否通過驗證時,忽略終端憑證 (使用者的憑證) 撤銷狀態不明的情況。Ignore that the end certificate (the user certificate) revocation is unknown when determining certificate verification.

IgnoreInvalidBasicConstraints 8

判斷憑證是否通過驗證時,忽略基本條件約束無效的情形。Ignore that the basic constraints are not valid when determining certificate verification.

IgnoreInvalidName 64

判斷憑證是否通過驗證時,忽略憑證名稱無效的情形。Ignore that the certificate has an invalid name when determining certificate verification.

IgnoreInvalidPolicy 128

判斷憑證是否通過驗證時,忽略憑證原則無效的情形。Ignore that the certificate has invalid policy when determining certificate verification.

IgnoreNotTimeNested 4

驗證憑證時,忽略 CA (憑證授權單位) 憑證有效期間未完全涵蓋所發出憑證有效期間的情形。Ignore that the CA (certificate authority) certificate and the issued certificate have validity periods that are not nested when verifying the certificate. 例如,CA 憑證的有效期間為 1 月 1 日到 12 月 1 日,而已發行憑證的有效期間為 1 月 2 日到 12 月 2 日,這就代表有效期間未呈現巢狀關係。For example, the CA cert can be valid from January 1 to December 1 and the issued certificate from January 2 to December 2, which would mean the validity periods are not nested.

IgnoreNotTimeValid 1

判斷憑證是否有效時,忽略鏈結中無效的憑證,無論這些憑證無效的原因究竟是已經過期或尚未生效。Ignore certificates in the chain that are not valid either because they have expired or they are not yet in effect when determining certificate validity.

IgnoreRootRevocationUnknown 2048

判斷憑證是否通過驗證時,忽略根撤銷狀態不明的情況。Ignore that the root revocation is unknown when determining certificate verification.

IgnoreWrongUsage 32

判斷憑證是否通過驗證時,忽略憑證並非核發給目前使用方式的情形。Ignore that the certificate was not issued for the current use when determining certificate verification.

NoFlag 0

不包含任何與驗證相關的旗標。No flags pertaining to verification are included.

範例

下列範例會開啟目前使用者的個人憑證存儲,讓使用者可以選取憑證,然後將憑證和憑證鏈資訊寫入主控台。The following example opens the current user's personal certificate store, allows the user to select a certificate, then writes certificate and certificate chain information to the console. 輸出取決於您所選取的憑證。The output depends on the certificate you select.

//Output chain information of the selected certificate.
X509Chain ^ ch = gcnew X509Chain;
ch->ChainPolicy->RevocationMode = X509RevocationMode::Online;
ch->Build( certificate );
Console::WriteLine( "Chain Information" );
Console::WriteLine( "Chain revocation flag: {0}", ch->ChainPolicy->RevocationFlag );
Console::WriteLine( "Chain revocation mode: {0}", ch->ChainPolicy->RevocationMode );
Console::WriteLine( "Chain verification flag: {0}", ch->ChainPolicy->VerificationFlags );
Console::WriteLine( "Chain verification time: {0}", ch->ChainPolicy->VerificationTime );
Console::WriteLine( "Chain status length: {0}", ch->ChainStatus->Length );
Console::WriteLine( "Chain application policy count: {0}", ch->ChainPolicy->ApplicationPolicy->Count );
Console::WriteLine( "Chain certificate policy count: {0} {1}", ch->ChainPolicy->CertificatePolicy->Count, Environment::NewLine );
//Output chain information of the selected certificate.
X509Chain ch = new X509Chain();
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
ch.Build (certificate);
Console.WriteLine ("Chain Information");
Console.WriteLine ("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
Console.WriteLine ("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
Console.WriteLine ("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
Console.WriteLine ("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
Console.WriteLine ("Chain status length: {0}", ch.ChainStatus.Length);
Console.WriteLine ("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
Console.WriteLine ("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);
'Output chain information of the selected certificate.
Dim ch As New X509Chain()
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online
ch.Build(certificate)
Console.WriteLine("Chain Information")
Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag)
Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode)
Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags)
Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime)
Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length)
Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count)
Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine)

備註

這些旗標會指出應該發生鏈驗證的條件。These flags indicate the conditions under which chain verification should occur. 例如,如果應用程式不需要鏈中的憑證時間值有效,則可以使用 IgnoreNotTimeValid 旗標。For example, if an application does not require certificates time values in a chain to be valid, the IgnoreNotTimeValid flag can be used.

適用於