Handler Return Value Requirements

When a function has been found that can perform the revocation verification check, it is called and passed the same parameters originally passed to CertVerifyRevocation, with the exception of rgpvContext[] and cContext. Because a called function has the option to process one or more of the contexts, rgpvContext[] and cContext are updated to specify the remaining count of contexts and the next context to be checked. Also, the cbSize member of pRevStatus has been checked to be equal to or greater than the size of CERT_REVOCATION_STATUS, and the remaining members have been zeroed.

A called revocation verification function reports back it's progress in the same manner that the CertVerifyRevocation return value is specified, with errors handled as follows:

If all the contexts were successfully checked and none were revoked, then TRUE should be returned, otherwise FALSE should be returned.

If FALSE is returned, the following actions should be taken:

Note  CertVerifyRevocation sets LastError to the value returned in the dwError member of pRevStatus.