CertAddCRLContextToStore

The CertAddCRLContextToStore function adds a certificate revocation list (CRL) context to the certificate store.

#include <wincrypt.h>
BOOL WINAPI CertAddCRLContextToStore(
  HCERTSTORE hCertStore,                   // in
  PCCRL_CONTEXT pCrlContext,               // in
  DWORD  dwAddDisposition,                 // in
  PCCRL_CONTEXT *ppStoreContext            // out, optional
);
 

Parameters

hCertStore
Handle to the certificate store.
pCrlContext
Pointer to the CRL context that is to be added.
dwAddDisposition
Value that specifies the action to take if a matching CRL or a link to a matching CRL already exists in the store. Currently defined disposition values and their uses are:
CERT_STORE_ADD_NEW
If a matching CRL or a link to a matching CRL exists, the operation fails. GetLastError returns CRYPT_E_EXISTS.
CERT_STORE_ADD_USE_EXISTING
If a matching CRL or a link to a matching CRL exists, that existing CRL is used and properties from the new CRL are added. The function does not fail, but no new CRL is added. If ppCertContext is not NULL, the existing context is duplicated.

If a matching CRL or a link to a matching CRL does not exist, a new CRL is added.

CERT_STORE_ADD_REPLACE_EXISTING
If a matching CRL or a link to a matching CRL exists, the existing CRL or link is deleted and a new CRL is created and added to the store. If a matching CRL or a link to a matching CRL does not exist, one is added.
CERT_STORE_ADD_ALWAYS
Makes no check for an existing matching CRL or link to a matching CRL. A new CRL is always added to the store. This may lead to duplicates in a store.
CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES.
If a matching CRL exists in the store, the existing context is deleted before creating and adding the new context. The added context inherits properties from the existing CRL
CERT_STORE_ADD_NEWER
If a matching CRL or a link to a matching CRL exists, the function compares the ThisUpdate times on the CRLs. If the existing CRL has a ThisUpdate time less than the ThisUpdate time on the new CRL, the old CRL or link is replaced just as with CERT_STORE_ADD_REPLACE_EXISTING. If the existing CRL has a ThisUpdate time greater than or equal to the ThisUpdate time on the CRL to be added, the function fails with GetLastError returning CRYPT_E_EXISTS.

If a matching CRL or a link to a matching CRL is not found in the store, a new CRL is added to the store.

CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES.
Action is the same as for CERT_STORE_ADD_NEWER except that if an older CRL is replaced, the properties of the older CRL are incorporated into the replacement CRL.
ppCrlContext
Pointer to a pointer to the decoded CRL context. This is an optional parameter, and can be NULL, indicating that the caller does not want a copy of the added or existing CRL. If a copy is made, that context must be freed by using CertFreeCRLContext.

Return Values

TRUE if the function succeeded. FALSE if the function failed.

GetLastError returns the reason for any failures using the following error codes:

CRYPT_E_EXISTS
This error is returned if CERT_STORE_ADD_NEW is set and the CRL already exists in the store or if CERT_STORE_ADD_NEWER is set and a CRL exists in the store with a ThisUpdate date greater than or equal to the ThisUpdate date on the CRL to be added.
E_INVALIDARG
The dwAddDisposition argument specified an invalid add disposition.

Errors from the called functions CertAddEncodedCRLToStore and CertSetCRLContextProperty may be propagated to this function.

Remarks

The CRL context is not duplicated using CertDuplicateCRLContext. Instead, a new copy is created and added to the store. In addition to the encoded CRL, the function copies the context's properties.

Example

See CertAddCertificateContextToStore

Change all references to "certificate" in the example code to "CRL."

QuickInfo

  Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
  Windows: Requires Windows 95 OSR2 or later.
  Windows CE: Unsupported.
  Header: Declared in wincrypt.h.
  Import Library: Use crypt32.lib.

See Also

CertAddEncodedCRLToStore, CertSetCRLContextProperty