Default Revocation-Handler Functions

Default revocation-handler functions get installed or registered in the same manner as explained in OID Overview, with the following exceptions:

• When installing a default revocation-handler function, call CryptInstallOIDFunctionAddress, with its rgFuncEntry[].pszOID parameter set to CRYPT_DEFAULT_OID.
• When registering a default revocation-handler function, call CryptRegisterDefaultOIDFunction.

The following list describes how CertVerifyRevocation attempts to find the address of a default revocation-handler function to be called:

1. A check is made for any installed handlers by making an iteration through the CRYPT_OID_VERIFY_REVOCATION_FUNC function's list of installed DEFAULT functions. To iterate through the list of installed DEFAULT functions, CryptGetDefaultOIDFunctionAddress is called with pwszDll = NULL.
2. If no installed functions are found capable of doing the revocation verification, CertVerifyRevocation then checks for a registered handler by iterating through the CRYPT_OID_VERIFY_REVOCATION_FUNC function's list of registered DEFAULT DLLs. CryptGetDefaultOIDDllList is called to get the list. CryptGetDefaultOIDFunctionAddress is called to load the DLL.

If a function to handle the revocation check is still not found, then the search is abandoned, and CertVerifyRevocation returns FALSE and sets LastError, and the dwError member of pRevStatus, to CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_NO_REVOCATION_DLL.