CryptoSys PKI Toolkit Manual

X509_ValidatePath

Validates a certificate path.

VB6/VBA Syntax

Public Declare Function X509_ValidatePath Lib "diCrPKI.dll" (ByVal strCertListOrP7File As String, ByVal strTrustedCert As String, ByVal nOptions As Long) As Long

nRet = X509_ValidatePath(strCertListOrP7File, strTrustedCert, nOptions)

Parameters

strCertListOrP7File
[in] String either a list of certificate names separated by a semicolon or the name of a PKCS-7 "certs-only" file containing the certificates to be validated.
strTrustedCert
[in] String name of the trusted certificate (or base64 representation).
nOptions
[in] Long option flags:
PKI_X509_NO_TIMECHECK to avoid checking if the certificates are valid now (default = check validity dates against system clock).

C/C++ Syntax

long _stdcall X509_ValidatePath(const char *szCertListOrP7File, const char *szTrustedCert, long nOptions);

Returns (VB6/C)

Zero if the certification path is valid; PKI_X509_INVALID (+1) if the path is invalid; otherwise a negative error code.

.NET Equivalent

X509.ValidatePath Method

Remarks

A basic validation is carried out confirming that the subject of certificate x is the issuer of certificate x+1, that certificate x was signed by certificate x-1, and that each certificate is valid as at the time on the system clock. Only distinguished names are used to identify subjects and issuers, not alternative names or IDs. Certificate policies are ignored and no checks are made for revocation (use X509_CheckCertInCRL). The order of the certificates in the input list is not important, but a complete chain must exist.

The szTrustedCert parameter is optional if a self-signed trust anchor is included in the list, in which case it must be the same certificate; otherwise it is required. All certificates must be valid at the time the check is made or an error will result, unless the PKI_X509_NO_TIMECHECK option is used. More information on the reason for an invalid path may be available by using PKI_LastError.

Example

Dim nRet As Long
Dim strP7cFile As String
Dim strTrustedCert As String
Dim strCertList As String

' A p7c "certs-only" file which includes a self-signed cert
strP7cFile = "testcerts1.p7c"
nRet = X509_ValidatePath(strP7cFile, "", 0)
Debug.Print "X509_ValidatePath returns " & nRet & " (expected 0)"

' Same again but specify the trusted root cert
' (which is the same as the self-signed cert in the p7c file)
strP7cFile = "testcerts1.p7c"
strTrustedCert = "testcert00.cer"
nRet = X509_ValidatePath(strP7cFile, strTrustedCert, 0)
Debug.Print "X509_ValidatePath returns " & nRet & " (expected 0)"

' Specify a cert list - testcert00.cer is the self-signed cert
strCertList = "testcert00.cer;testcert03.cer;testcert01.cer;testcert02.cer"
nRet = X509_ValidatePath(strCertList, "", 0)
Debug.Print "X509_ValidatePath returns " & nRet & " (expected 0)"

' Same again but specify the trusted root cert (this time it is not in the list)
strCertList = "testcert01.cer;testcert02.cer;testcert03.cer"
strTrustedCert = "testcert00.cer"
nRet = X509_ValidatePath(strCertList, strTrustedCert, 0)
Debug.Print "X509_ValidatePath returns " & nRet & " (expected 0)"
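
The Remarks above matter to calling code in three ways: only a return of exactly zero means a valid path, an empty strTrustedCert anchors the path on the self-signed certificate that the list itself supplies, and PKI_X509_NO_TIMECHECK switches off the date check. The wrapper below is an added example, not code from the manual, that fails closed on all three. PathIsTrusted and its parameter names are hypothetical, and the PKI_LastError signature (buffer and length in, message length out) is an assumption to confirm against the toolkit's declarations module.

```vb
' Added example, not from the CryptoSys manual. Assumes the toolkit's
' declarations module (X509_ValidatePath, PKI_LastError, PKI_X509_INVALID)
' is part of the project. PathIsTrusted is a hypothetical helper name.
Public Function PathIsTrusted(ByVal strCerts As String, _
        ByVal strPinnedRoot As String, ByRef strReason As String) As Boolean
    Dim nRet As Long
    Dim nLen As Long
    Dim strMsg As String

    PathIsTrusted = False   ' fail closed: only an explicit 0 changes this
    strReason = ""

    ' With an empty trusted cert the path is anchored on whatever self-signed
    ' certificate the list itself carries, so insist on a root the caller holds.
    If Len(strPinnedRoot) = 0 Then
        strReason = "no trusted root supplied"
        Exit Function
    End If

    ' nOptions = 0 keeps the validity-date check against the system clock.
    nRet = X509_ValidatePath(strCerts, strPinnedRoot, 0)

    Select Case nRet
    Case 0
        PathIsTrusted = True
    Case PKI_X509_INVALID          ' +1: chain checked and rejected
        strReason = "path invalid"
    Case Else                      ' negative: the check itself failed
        strReason = "error code " & nRet
    End Select

    If Not PathIsTrusted Then
        ' Assumed signature: PKI_LastError(buffer, length) returns message length.
        strMsg = String(511, " ")
        nLen = PKI_LastError(strMsg, Len(strMsg))
        If nLen > 0 Then strReason = strReason & ": " & Left$(strMsg, nLen)
    End If
End Function
```

A True result still says nothing about revocation, which X509_ValidatePath does not check; the Remarks point to X509_CheckCertInCRL for that.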

See Also

X509_VerifyCert X509_CertIsValidNow


Copyright © 2004-10 D.I. Management Services Pty Ltd. All rights reserved.