
CertGetCRLFromStore function

The CertGetCRLFromStore function gets the first or next certificate revocation list (CRL) context from the certificate store for the specified issuer. The function also performs the enabled verification checks on the CRL. The new Certificate Chain Verification Functions are recommended instead of this function.

Syntax


PCCRL_CONTEXT WINAPI CertGetCRLFromStore(
  _In_      HCERTSTORE hCertStore,
  _In_opt_  PCCERT_CONTEXT pIssuerContext,
  _In_      PCCRL_CONTEXT pPrevCrlContext,
  _Inout_   DWORD *pdwFlags
);

Parameters

hCertStore [in]

Handle of a certificate store.

pIssuerContext [in, optional]

A pointer to an issuer CERT_CONTEXT. The pIssuerContext pointer can come from this store or another store, or could have been created by calling CertCreateCertificateContext. If NULL is passed for this parameter, all the CRLs in the store are found.

pPrevCrlContext [in]

A pointer to a CRL_CONTEXT. An issuer can have multiple CRLs. For example, it can generate delta CRLs by using an X.509 version 3 extension. This parameter must be NULL on the first call to get the CRL. To get the next CRL for the issuer, the parameter is set to the CRL_CONTEXT returned by a previous call. A non-NULL pPrevCrlContext is always freed by this function by calling CertFreeCRLContext, even for an error.

pdwFlags [in, out]

The following flag values are defined to enable verification checks on the returned CRL. These flags can be combined using a bitwise-OR operation.

Value | Meaning
CERT_STORE_SIGNATURE_FLAG

Uses the public key in the issuer's certificate to verify the signature on the returned CRL.

CERT_STORE_TIME_VALIDITY_FLAG

Gets the current time and verifies that it is within the time between the CRL's ThisUpdate and NextUpdate.

CERT_STORE_BASE_CRL_FLAG

Gets a base CRL.

CERT_STORE_DELTA_CRL_FLAG

Gets a delta CRL.


If an enabled verification check succeeds, its flag is set to zero.

If an enabled verification check fails, its flag remains set upon return. If pIssuerContext is NULL, then an enabled CERT_STORE_SIGNATURE_FLAG always fails and the CERT_STORE_NO_ISSUER_FLAG is also set. For more details, see Remarks.

If only one of CERT_STORE_BASE_CRL_FLAG or CERT_STORE_DELTA_CRL_FLAG is set, this function returns either a base or delta CRL and the appropriate base or delta flag will be cleared on return. If both flags are set, only one of the flags will be cleared.

For a verification check failure, a pointer to the first or next CRL_CONTEXT is still returned and GetLastError is not updated.

Return value

If the function succeeds, the return value is a pointer to a read-only CRL_CONTEXT.

If the function fails and the first or next CRL is not found, the return value is NULL.

The returned CRL_CONTEXT must be freed by calling CertFreeCRLContext. However, when the returned CRL_CONTEXT is supplied for pPrevCrlContext on a subsequent call, the function frees it.

For extended error information, call GetLastError. Some possible error codes follow.

Value | Description
E_INVALIDARG

The handle in the hCertStore parameter is not the same as that in the CRL context pointed to by the pPrevCrlContext parameter, or an unsupported flag was set in pdwFlags.

CRYPT_E_NOT_FOUND

Either no CRLs existed in the store for the issuer, or the function reached the end of the store's list.


Remarks

CertDuplicateCRLContext can be called to make a duplicate CRL.

The hexadecimal values of the flags can be combined using a bitwise-OR operation to enable more than one verification. For example, to enable both verifications, the DWORD value pointed to by pdwFlags is set to CERT_STORE_SIGNATURE_FLAG | CERT_STORE_TIME_VALIDITY_FLAG. If the CERT_STORE_SIGNATURE_FLAG verification succeeded, but the CERT_STORE_TIME_VALIDITY_FLAG verification failed, the DWORD value pointed to by pdwFlags is set to CERT_STORE_TIME_VALIDITY_FLAG when the function returns.
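The following C sketch is an added example, not part of the original reference page. It enumerates an issuer's CRLs and counts only those whose requested checks passed, re-arming the flags before every call and relying on the function to free the previous context. The names crl_check_result, count_verified_crls and the CRL_* result bits are hypothetical; the non-Windows branch only repeats the wincrypt.h flag values so the helper can be compiled elsewhere.

```c
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>                 /* link with Crypt32.lib */
#else   /* off Windows: flag values as defined in wincrypt.h, for the helper only */
typedef uint32_t DWORD;
#define CERT_STORE_SIGNATURE_FLAG     0x00000001
#define CERT_STORE_TIME_VALIDITY_FLAG 0x00000002
#define CERT_STORE_NO_ISSUER_FLAG     0x00020000
#endif

/* Hypothetical result bits; CRL_OK means every requested check passed. */
enum { CRL_OK = 0, CRL_BAD_SIGNATURE = 1, CRL_NOT_TIME_VALID = 2, CRL_NO_ISSUER = 4 };

/* Hypothetical helper: interpret *pdwFlags as left by CertGetCRLFromStore.
   A requested check that passed has its bit cleared; a failed one stays set. */
int crl_check_result(DWORD requested, DWORD returned)
{
    DWORD failed = requested & returned;
    int r = CRL_OK;
    if (failed & CERT_STORE_SIGNATURE_FLAG)     r |= CRL_BAD_SIGNATURE;
    if (failed & CERT_STORE_TIME_VALIDITY_FLAG) r |= CRL_NOT_TIME_VALID;
    if (returned & CERT_STORE_NO_ISSUER_FLAG)   r |= CRL_NO_ISSUER;
    return r;
}

#ifdef _WIN32
/* Hypothetical caller: count the issuer's CRLs that pass both checks. */
int count_verified_crls(HCERTSTORE store, PCCERT_CONTEXT issuer)
{
    const DWORD want = CERT_STORE_SIGNATURE_FLAG | CERT_STORE_TIME_VALIDITY_FLAG;
    PCCRL_CONTEXT crl = NULL;         /* must be NULL on the first call */
    int verified = 0;
    for (;;) {
        DWORD flags = want;           /* re-arm: passed checks were cleared last time */
        /* Frees the previous context itself, even when it returns NULL. */
        crl = CertGetCRLFromStore(store, issuer, crl, &flags);
        if (crl == NULL)
            break;                    /* end of list or error: see GetLastError */
        /* A non-NULL return does not mean the CRL verified; the flags say so. */
        if (crl_check_result(want, flags) == CRL_OK)
            verified++;
    }
    return verified;
}
#endif
```

Reusing the same DWORD across iterations without resetting it would silently skip any check that passed on the previous CRL, because its bit is already zero when the next call is made.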

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Wincrypt.h

Library

Crypt32.lib

DLL

Crypt32.dll

See also

Certificate Revocation List Functions
CertCreateCertificateContext
CertDuplicateCRLContext
CertFreeCRLContext
CertGetCRLContextProperty
CRL_CONTEXT


© 2014 Microsoft