The CertAddCRLLinkToStore function adds a link in a store to a certificate revocation list (CRL) context in a different store. Instead of creating and adding a duplicate of the CRL, this function adds a link to the original CRL context.
BOOL WINAPI CertAddCRLLinkToStore( _In_ HCERTSTORE hCertStore, _In_ PCCRL_CONTEXT pCrlContext, _In_ DWORD dwAddDisposition, _Out_opt_ PCCRL_CONTEXT *ppStoreContext );
- hCertStore [in]
Handle of a certificate store where the link is to be added.
- pCrlContext [in]
A pointer to the CRL_CONTEXT structure to be linked.
- dwAddDisposition [in]
Specifies the action to take if a matching CRL or a link to a matching CRL exists in the store. Currently defined disposition values and their uses are as follows.
Makes no check for an existing matching CRL or link to a matching CRL. A new link is always added to the store. This can lead to duplicates in a store.
If a matching CRL or a link to a matching CRL exists, the operation fails. GetLastError returns the CRYPT_E_EXISTS code.
If a matching CRL or a link to a matching CRL exists, the ThisUpdate times on the CRLs are compared. If the existing CRL has a ThisUpdate time less than the ThisUpdate time on the new CRL, the old link is replaced just as with CERT_STORE_ADD_REPLACE_EXISTING. If the existing CRL has a ThisUpdate time greater than or equal to the ThisUpdate time on the CRL to be added, the function fails with GetLastError returning the CRYPT_E_EXISTS code.
If a matching CRL or a link to a matching CRL is not found in the store, a new link is added to the store.
If a link to the matching CRL exists, that existing link is deleted and a new link is created and added to the store. If a matching CRL or a link to a matching CRL does not exist, a new link is added.
If a matching CRL or a link to a matching CRL exists, that existing link is used. The function does not fail, but no new link is added. If a matching CRL or link to a CRL does not exist, a new link is added.
- ppStoreContext [out, optional]
A pointer to a pointer of a copy of the link created. The ppStoreContext parameter can be NULL to indicate that a copy of the link is not needed. If a copy of the link is created, that copy must be freed using CertFreeCRLContext.
If the function succeeds, the return value is TRUE.
If the function fails, the return value is FALSE. For extended error information, call GetLastError. Some possible error codes follow.
For a dwAddDisposition of CERT_STORE_ADD_NEW, the CTL already exists in the store.
A disposition value that is not valid was specified in the dwAddDisposition parameter.
Because the link provides access to an original CRL context, setting an extended property in the linked CRL context changes that extended property in the CRL's original location and in any other links to that CRL.
Links cannot be added to a store that is opened as a collection. Stores opened as collections include all stores opened with CertOpenSystemStore or CertOpenStore using CERT_STORE_PROV_SYSTEM or CERT_STORE_PROV_COLLECTION. For more information, see CertAddStoreToCollection.
If links are used and CertCloseStore is called with CERT_CLOSE_STORE_FORCE_FLAG, the store using links must be closed before the store containing the original contexts can be closed. If CERT_CLOSE_STORE_FORCE_FLAG is not used, the two stores can be closed in either order.
To remove the CRL context link from the certificate store, use the CertDeleteCRLFromStore function.
Minimum supported client
|Windows XP [desktop apps only]|
Minimum supported server
|Windows Server 2003 [desktop apps only]|
- Certificate Revocation List Functions