This section contains a summary of changes made to the functions after the SDR:
The dwAddDisposition and ppStoreContext parameters were added. For SDR compatibility, set them to CERT_STORE_ADD_USE_EXISTING and NULL respectively.
Renamed to CertAddEncodedCertificateToStore. The dwAddDisposition parameter was added. For SDR compatibility, set this parameter to CERT_STORE_ADD_USE_EXISTING.
The dwAddDisposition and ppStoreContext parameters were added. For SDR compatibility, set them to CERT_STORE_ADD_USE_EXISTING and NULL respectively.
Renamed to CertAddEncodedCRLToStore. The dwAddDisposition parameter was added. For SDR compatibility, set this parameter to CERT_STORE_ADD_USE_EXISTING.
The dwFlags parameter was added. You can set the CERT_CLOSE_STORE_FORCE_FLAG to force all contexts to be released and the store's memory to be freed.
You can set the CERT_CLOSE_STORE_CHECK_FLAG to check that this is the final close of the store and that all contexts have been released.
The following find types were added to help find a certificate containing the specified subject/issuer name string:
CERT_FIND_SUBJECT_STR_A
CERT_FIND_SUBJECT_STR_W | CERT_FIND_SUBJECT_STR
CERT_FIND_ISSUER_STR_A
CERT_FIND_ISSUER_STR_W | CERT_FIND_ISSUER_STR
The following type was added to help find a certificate having a CERT_KEY_SPEC_PROP_ID property matching the specified key spec:
CERT_FIND_KEY_SPEC
The following predefined properties were added for these functions: CERT_KEY_CONTEXT_PROP_ID and CERT_KEY_SPEC_PROP_ID. The range of user definable properties was changed from 8…31 to 0x8000…0xFFFF (CERT_FIRST_USER_PROP_ID … CERT_LAST_USER_PROP_ID).
The first parameter identifies the provider type. Its type was changed from a DWORD to an LPCSTR, and more predefined provider types were added. Also, OID installable and registerable providers are now supported. See Reference Overview for a complete list of the predefined provider types, and for details about installable certificate store providers.
The provider type constants defined in the SDR are still valid.
The behavior of CertOpenStore when the hCryptProv parameter is zero was changed as follows:
If hCryptProv is zero, the default provider and container for the PROV_RSA_FULL provider type are acquired via a call to CryptAcquireContext with the CRYPT_VERIFYCONTEXT flag set. However, the call to CryptAcquireContext is deferred until the first hash creation or signature verification is required. In addition, once acquired, the default provider isn't released until the current process exits. The acquired default provider is shared across all stores and threads.
The dwMsgAndCertEncodingType, dwSaveAs and dwSaveTo parameters were added. The SDR version only supported saving the serialized store to a file. Now it supports saving as either a serialized store or a PKCS #7 message, to either a file or memory.
Renamed to CertVerifySubjectCertificateContext.