CertAddCRLLinkToStore

[This is preliminary documentation and subject to change.]

The CertAddCRLLinkToStore function adds a link in a store to a CRL context in a different store. Instead of creating and adding a duplicate of the CRL, this function adds a link to the original CRL context wherever it may be. Since the link provides access to an original CRL context, setting an extended property in the linked CRL context changes the property as seen in the CRL's original location and by any other links to that CRL. 

#include <wincrypt.h>
BOOL WINAPI CertAddCRLLinkToStore(
  HCERTSTORE hCertStore,                   // in
  PCCRL_CONTEXT pCRLContext,               // in
  DWORD dwAddDisposition,                  // in
  PCCRL_CONTEXT *ppStoreContext            // out optional
);

Parameters

hCertStore
Handle to the certificate store where the link is to be added.
pCRLContext
Pointer to the CRL context that is to be linked.
dwAddDisposition
Value that specifies the action to take if a matching CRL or a link to a matching CRL exists in the store. Currently defined disposition values and their uses are:
CERT_STORE_ADD_NEW
If a matching CRL or a link to a matching CRL exists, the operation fails. GetLastError returns CRYPT_E_EXISTS.
CERT_STORE_ADD_USE_EXISTING
If a matching CRL or a link to a matching CRL exists that existing link is used. The function does not fail, but no new link is added. If a matching CRL or link to a CRL does not exist, a new link is added.
CERT_STORE_ADD_REPLACE_EXISTING
If a link to the matching CRL exists, that existing link is deleted and a new link is created and added to the store. If a matching CRL or a link to a matching CRL does not exist, a new link is added.
CERT_STORE_ADD_ALWAYS
Makes no check for an existing matching CRL or link to a matching CRL. A new link is always added to the store. This may lead to duplicates in a store.
CERT_STORE_ADD_NEWER
If a matching CRL or a link to a matching CRL exists, the ThisUpdate times on the CRLs are compared. If the existing CRL has a ThisUpdate time less than the ThisUpdate time on the new CRL, the old link is replaced just as with CERT_STORE_ADD_REPLACE_EXISTING. If the existing CRL has a ThisUpdate time greater than or equal to the ThisUpdate time on the CRL to be added, the function fails with GetLastError returning CRYPT_E_EXISTS.

If a matching CRL or a link to a matching CRL is not found in the store, a new link is added to the store.

ppStoreContext
Pointer to a pointer of a copy of the link created. ppStoreContext can be NULL to indicate that a copy of the link is not needed. If a copy of the link is created, that copy must be freed using CertFreeCRLContext.

Return Values

TRUE if the function succeeded. FALSE if the function failed.

GetLastError returns the code for any failures using the following error codes:

Error code Description
CRYPT_E_EXISTS For a dwAddDisposition of CERT_STORE_ADD_NEW, the CTL already exists in the store.
E_INVALIDARG Invalid add disposition specified by the dwAddDisposition argument.

Remarks

Links cannot be added to a store that is opened as a collection. Stores opened as collections include all stores opened with CertOpenSystemStore or CertOpenStore using CERT_STORE_PROV_SYSTEM or CERT_STORE_PROV_COLLECTION. Also see CertAddStoreToCollection.

If links are used and CertCloseStore is called with CERT_CLOSE_STORE_FORCE_FLAG, the store using links must be closed before the store containing the original contexts can be closed. If CERT_CLOSE_STORE_FORCE_FLAG is not used, the two stores may be closed in either order.

Example

See the example with CertAddCertificateLinkToStore. This example will hold for CertAddCRLLinkToStore if all the references to "certificate" are changed to "CRL."

QuickInfo

  Windows NT: Requires version 5.0 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in wincrypt.h.
  Import Library: Use crypt32.lib.

See Also

CertOpenSystemStore, CertAddStoreToCollection, CertAddCTLLinkToStore, CertAddCertificateLinkToStore, CertFreeCRLContext