szOID_NETSCAPE_SSL_SERVER_NAME

For the szOID_NETSCAPE_SSL_SERVER_NAME extension, CryptEncodeObject, CryptEncodeObjectEx, CryptDecodeObject, or CryptDecodeObjectEx can be called with lpszStructType set to X509_ANY_STRING or X509_UNICODE_ANY_STRING.

The extension value is a "shell expression" that can be used to match the hostname of the SSL server that is using this certificate. It is recommended that, if the server's hostname does not match this pattern, the user be notified and given the option to terminate the SSL connection. If this extension is not present, the CommonName in the certificate subject's distinguished name is used for the same purpose.

The following details apply:

Object Identifier String

"2.16.840.1.113730.1.12"

Corresponding Data Structure being encoded or decoded

pvStructInfo points to a CERT_NAME_VALUE structure. The dwValueType member of the CERT_NAME_VALUE is set to CERT_RDN_IA5_STRING. The Value member's pbData member points to an IA5_STRING that is a "shell expression" that can be used to match the hostname of the SSL server that is using this certificate.

Additional Details

When encoding, use X509_ANY_STRING when the string in the Value member's pbData member is ASCII, and use X509_UNICODE_ANY_STRING when the string is Unicode. In the Unicode case, the string is converted to an IA5_STRING before encoding, as specified by setting dwValueType to CERT_RDN_IA5_STRING.

When decoding, the caller selects the format of the string that is output to the CERT_NAME_VALUE structure. Use X509_ANY_STRING when the desired string format is ASCII, and use X509_UNICODE_ANY_STRING when the desired string format is Unicode.
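The following portable C sketch is an added example, not CryptoAPI code or anything from the original page. It decodes the DER IA5String that CERT_RDN_IA5_STRING corresponds to, then checks a hostname against the decoded pattern. The names decode_ia5, host_matches and SAMPLE_DER are hypothetical. The matcher is an assumed, deliberately narrow subset of the "shell expression" syntax: only '*' and '?' are handled, neither matches a '.', and any other non-hostname character makes the check fail closed.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: IA5String "*.example.com"; pass sizeof - 1 (literal NUL). */
const uint8_t SAMPLE_DER[] = "\x16\x0d*.example.com";
/* Decode a DER IA5String (tag 0x16) into a NUL-terminated C string. Returns its
 * length, or -1: wrong tag, bad length, trailing bytes, NUL/8-bit byte, short buffer. */
int decode_ia5(const uint8_t *der, size_t der_len, char *out, size_t cap)
{
    size_t pos = 2, len, n, i;
    if (der_len < 2 || der[0] != 0x16) return -1;
    len = der[1];
    if (len & 0x80) {                        /* long-form length */
        n = len & 0x7f;
        if (n == 0 || n > 2 || der_len < 2 + n) return -1;
        for (len = 0, i = 0; i < n; i++) len = (len << 8) | der[pos++];
        if (len < 0x80 || (n == 2 && len < 0x100)) return -1; /* non-minimal */
    }
    if (len != der_len - pos || len + 1 > cap) return -1;
    for (i = 0; i < len; i++) {
        if (der[pos + i] == 0 || der[pos + i] > 0x7f) return -1;
        out[i] = (char)der[pos + i];
    }
    out[len] = '\0';
    return (int)len;
}

/* Assumed subset: '*' and '?' only, case-insensitive, neither matches '.'. */
static int match(const char *p, const char *h)
{
    for (; *p; p++, h++) {
        if (*p == '*')
            for (;; h++) {                   /* try every split inside one label */
                if (match(p + 1, h)) return 1;
                if (*h == '\0' || *h == '.') return 0;
            }
        if (*h == '\0' || (*p == '?' && *h == '.')) return 0;
        if (*p != '?' && tolower((unsigned char)*p) != tolower((unsigned char)*h)) return 0;
    }
    return *h == '\0';
}

/* Fail closed on an empty pattern or any character outside [A-Za-z0-9-.*?]. */
int host_matches(const char *pattern, const char *host)
{
    for (const char *p = pattern; *p; p++)
        if (!isalnum((unsigned char)*p) && !strchr("-.*?", *p)) return 0;
    return *pattern != '\0' && match(pattern, host);
}
```

Rejecting an embedded NUL at decode time matters because the decoded value is later handled as a C string, and a NUL would silently truncate the pattern that gets compared.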