The X.509 Basic Constraints extension is used to specify that a certificate belongs to a CA. The X.509 Basic Constraints extension has essentially two parts:
Certificates for CAs must have the Basic Constraints extension encoded. Other certificates should not.
The Basic Constraints extension uses the general-purpose extension structure NPKI_Extension described in Section 4.10, X.509 Extensions.
There is one value specific flag defined for the Basic Constraints extension:
Value |
Name |
Description |
---|---|---|
0xffffffff |
X509_CA_PATH_LENGTH_UNLIMITED |
Compare this value with the value returned in pathLenConstraint from NPKIT_x509BasicConstraintsInfo to determine if the CA path length is unlimited |