CERT_REVOCATION_PARA structure (wincrypt.h)

The CERT_REVOCATION_PARA structure is passed in calls to the CertVerifyRevocation function to assist in finding the issuer of the context to be verified. The CERT_REVOCATION_PARA structure is an optional parameter in the CertVerifyRevocation function.

Syntax

typedef struct _CERT_REVOCATION_PARA {
  DWORD                       cbSize;
  PCCERT_CONTEXT              pIssuerCert;
  DWORD                       cCertStore;
  HCERTSTORE                  *rgCertStore;
  HCERTSTORE                  hCrlStore;
  LPFILETIME                  pftTimeToUse;
  DWORD                       dwUrlRetrievalTimeout;
  BOOL                        fCheckFreshnessTime;
  DWORD                       dwFreshnessTime;
  LPFILETIME                  pftCurrentTime;
  PCERT_REVOCATION_CRL_INFO   pCrlInfo;
  LPFILETIME                  pftCacheResync;
  PCERT_REVOCATION_CHAIN_PARA pChainPara;
} CERT_REVOCATION_PARA, *PCERT_REVOCATION_PARA;

Members

cbSize

The size, in bytes, of this structure.

pIssuerCert

A pointer to a CERT_CONTEXT structure that contains the certificate of the issuer of a certificate specified in the rgpvContext array in the CertVerifyRevocation parameter list.

cCertStore

When set, contains the number of elements in the rgCertStore array. Set to zero if you are not supplying a list of store handles in the rgCertStore parameter.

rgCertStore

An array of certificate store handles. Specifies a set of stores that are searched for issuer certificates. If rgCertStore is not set, the default stores are searched.

hCrlStore

Optional store handle. When specified, a handler that uses certificate revocation lists (CRLs) can search this store for CRLs.

pftTimeToUse

A pointer to a FILETIME version of UTC time. When specified, the handler must, if possible, determine revocation status relative to the time given. If this member is NULL or the handler cannot determine the status relative to the pftTimeToUse value, revocation status can be determined independent of time or relative to the current time.

dwUrlRetrievalTimeout

This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. The time-out, in milliseconds, that the revocation handler will wait when attempting to retrieve revocation information. If it is set to zero, the revocation handler's default time-out is used. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, this member must be set to zero if it is unused.

fCheckFreshnessTime

This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. If TRUE, an attempt is made to retrieve a new CRL if the issue date of the CRL is less than or equal to the Current Time minus dwFreshnessTime. If this flag is not set, the CRL's NextUpdate time is used. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, this member must be set to FALSE if it is unused.

dwFreshnessTime

This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. The time, in seconds, used to determine whether an attempt will be made to retrieve a new CRL. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, this member must be set to zero if it is unused.

pftCurrentTime

This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. A pointer to a FILETIME structure that is used in the freshness time check. If the value of this pointer is null, the revocation handler uses the current time. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, this member must be set to null if it is unused.

pCrlInfo

This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. This member contains a pointer to a CERT_REVOCATION_CRL_INFO structure that contains CRL context information. The CRL information is only applicable to the last context checked. To access the information in this CRL, call the CertVerifyRevocation function with cContext set to 1. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, this member must be set to null if it is unused.

pftCacheResync

This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. This member contains a pointer to a FILETIME structure that specifies the use of cached information. Any information cached before the specified time is considered invalid and new information is retrieved. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, this member must be set to null if it is unused.

Windows Server 2003 and Windows XP:  This member is not used.

pChainPara

This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. This member contains a pointer to a CERT_REVOCATION_CHAIN_PARA structure that contains parameters used for building a chain for an independent OCSP signer certificate. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, this member must be set to null if it is unused.

Windows Vista, Windows Server 2003 and Windows XP:  This member is not used in the listed systems. The member is available beginning with Windows Vista with SP1.

Remarks

The CERT_REVOCATION_PARA structure provides additional information that the CertVerifyRevocation function can use to determine the context issuer.

If your application must check the freshness of the CRL or resynchronize the CRL cache, you can provide extra structure members to assist the CertVerifyRevocation function with this. To include the additional structure members, define the constant CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS in your application before including Wincrypt.h.
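The freshness and cache-resynchronization rules described for fCheckFreshnessTime, dwFreshnessTime, pftCurrentTime and pftCacheResync, modeled as an added example in portable C (not Microsoft's code and not the Windows implementation). The types freshness_para and cached_crl and the function crl_needs_refetch are hypothetical stand-ins, FILETIME values are held as 64-bit tick counts, and the NextUpdate branch assumes a CRL is stale once the current time reaches NextUpdate.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* FILETIME held as one 64-bit count of 100-ns ticks since 1601-01-01 UTC. */
typedef uint64_t ticks_t;
#define TICKS_PER_SECOND 10000000ULL

/* Stand-in for the freshness-related members of CERT_REVOCATION_PARA
   (hypothetical type; the real structure comes from wincrypt.h). */
struct freshness_para {
    bool           fCheckFreshnessTime;
    uint32_t       dwFreshnessTime;   /* seconds */
    const ticks_t *pftCurrentTime;    /* NULL: use the caller's clock */
    const ticks_t *pftCacheResync;    /* NULL: no resync cutoff */
};

/* Constructed description of a cached CRL. */
struct cached_crl {
    ticks_t this_update;  /* issue date of the CRL */
    ticks_t next_update;  /* NextUpdate field of the CRL */
    ticks_t cached_at;    /* when this copy entered the cache */
};

/* Returns true when the rules on this page call for retrieving a new CRL. */
bool crl_needs_refetch(const struct freshness_para *p,
                       const struct cached_crl *crl, ticks_t system_now)
{
    ticks_t now = p->pftCurrentTime ? *p->pftCurrentTime : system_now;

    /* pftCacheResync: anything cached before the cutoff is invalid. */
    if (p->pftCacheResync && crl->cached_at < *p->pftCacheResync)
        return true;

    if (p->fCheckFreshnessTime) {
        ticks_t window = (ticks_t)p->dwFreshnessTime * TICKS_PER_SECOND;
        /* Clamp so a window longer than "now" cannot wrap around. */
        ticks_t oldest_ok = now > window ? now - window : 0;
        /* Issue date <= current time - dwFreshnessTime: fetch again. */
        return crl->this_update <= oldest_ok;
    }
    /* Flag not set: NextUpdate decides (assumption: stale once now >= NextUpdate). */
    return now >= crl->next_update;
}
```

With a one-hour dwFreshnessTime, a CRL issued a day ago is refetched even though its NextUpdate is still days away, which is the case the freshness members exist for.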

Requirements

Requirement                 Value
Minimum supported client    Windows XP [desktop apps only]
Minimum supported server    Windows Server 2003 [desktop apps only]
Header                      wincrypt.h

See also

CertVerifyRevocation