Default Revocation-Handler Functions

Default revocation-handler functions are installed or registered in the same manner as explained in OID Overview, with the following exceptions:

The following list describes how CertVerifyRevocation attempts to find the address of a default revocation-handler function to be called:

  1. CertVerifyRevocation first checks for installed handlers by iterating through the list of installed DEFAULT functions for CRYPT_OID_VERIFY_REVOCATION_FUNC. To iterate through that list, CryptGetDefaultOIDFunctionAddress is called with pwszDll = NULL.
  2. If no installed function is capable of doing the revocation verification, CertVerifyRevocation then checks for a registered handler by iterating through the list of registered DEFAULT DLLs for CRYPT_OID_VERIFY_REVOCATION_FUNC. CryptGetDefaultOIDDllList is called to get the list, and CryptGetDefaultOIDFunctionAddress is called to load each DLL.

If a function to handle the revocation check is still not found, the search is abandoned. CertVerifyRevocation returns FALSE and sets both LastError and the dwError member of pRevStatus to CRYPT_E_NO_REVOCATION_CHECK or CRYPT_E_NO_REVOCATION_DLL.
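
The two lookups described above can be reproduced to audit which default handlers a process would find; the following C program is an added example, not code from the original page. It assumes X509_ASN_ENCODING as the encoding type, and `for_each_dll` and `print_dll` are hypothetical helper names; the Windows-only part is guarded by `_WIN32`.

```c
/* Added example (not Microsoft's sample): audit the two lists that
 * CertVerifyRevocation searches for a default revocation handler. */
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Walk a list of NUL-terminated names ended by an extra NUL, the layout
 * CryptGetDefaultOIDDllList fills in. Returns the number of entries. */
size_t for_each_dll(const wchar_t *list, void (*cb)(const wchar_t *))
{
    size_t n = 0;
    for (; list && *list; list += wcslen(list) + 1, n++)
        if (cb) cb(list);
    return n;
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>   /* link with crypt32.lib */

static void print_dll(const wchar_t *dll) { printf("  registered: %ls\n", dll); }

int main(void)
{
    DWORD enc = X509_ASN_ENCODING;   /* assumption: X.509 encoding type */
    HCRYPTOIDFUNCSET set = CryptInitOIDFunctionSet(CRYPT_OID_VERIFY_REVOCATION_FUNC, 0);
    if (!set) return 1;

    /* Step 1: installed DEFAULT functions, iterated with pwszDll = NULL.
     * Each call releases the handle passed in, so nothing leaks. */
    void *fn = NULL; HCRYPTOIDFUNCADDR h = NULL; unsigned installed = 0;
    while (CryptGetDefaultOIDFunctionAddress(set, enc, NULL, 0, &fn, &h))
        installed++;
    printf("installed default handlers: %u\n", installed);

    /* Step 2: registered DEFAULT DLLs. Names are only listed here; loading
     * one (as CertVerifyRevocation does) would run that DLL's code. */
    DWORD cch = 0;
    if (!CryptGetDefaultOIDDllList(set, enc, NULL, &cch)) return 1;
    wchar_t *list = calloc((size_t)cch + 1, sizeof *list);
    if (!list || !CryptGetDefaultOIDDllList(set, enc, list, &cch)) return 1;
    size_t registered = for_each_dll(list, print_dll);
    free(list);

    if (installed == 0 && registered == 0)
        puts("no default handler: CertVerifyRevocation cannot check revocation");
    return 0;
}
#endif
```

Any DLL name in the registered list that is not expected on the system deserves a closer look, because that DLL is loaded by every process that reaches step 2.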