Extending CertVerifyRevocation Functionality

Application developers who find it necessary to implement an installable revocation handler need to consider the following information.

For each certificate context supplied to CertVerifyRevocation in the rgpvContext array, an attempt is made to call a default revocation handler (function) that is associated with it. The contexts must contain enough information to allow the installable or registered revocation DLLs to find the revocation server. For certificates, this information would normally be conveyed in an extension such as the Internet Engineering Task Force's (IETF) AuthorityInfoAccess extension.

The handler function will check the certificate's revocation status. The certificates are examined sequentially, starting at the first one, rgpvContext[0]. CertVerifyRevocation makes no assumptions about the order of the contexts. For example, for certificates, CertVerifyRevocation doesn't assume a chain of certificates from an end-entity to a self-signed root, although this will often be the case.

The checks are discontinued at the first certificate context that is found to be revoked, or whose revocation status could not be verified; any contexts that follow it in the array are not examined.
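As an added illustration of the sequential, stop-on-first-failure behavior described above, the following portable C program models that contract; it is not the Win32 API and does not call CertVerifyRevocation. The handler, the CertCtx stand-in for a certificate context, the sample chains and the URLs are constructed for this example; the two CRYPT_E_* values are the real CryptoAPI error codes, and RevStatus mirrors the dwIndex/dwError members of CERT_REVOCATION_STATUS.

```c
/* Constructed, portable model of the CertVerifyRevocation contract described above;
 * it does NOT call the Win32 API, it imitates its dispatch and stop-on-failure rule. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CRYPT_E_REVOKED             0x80092010u /* real CryptoAPI error code */
#define CRYPT_E_NO_REVOCATION_CHECK 0x80092012u /* handler could not verify status */

/* Stand-in for a certificate context: the URL a handler would read from AuthorityInfoAccess. */
typedef struct { const char *subject; const char *aia_url; } CertCtx;
/* Mirrors the dwIndex / dwError members of CERT_REVOCATION_STATUS. */
typedef struct { uint32_t index; uint32_t error; } RevStatus;
typedef uint32_t (*RevocationHandler)(const CertCtx *ctx);

/* Hypothetical installed handler: answers from a canned revocation "server". */
static uint32_t sample_handler(const CertCtx *ctx) {
    if (ctx->aia_url == NULL) return CRYPT_E_NO_REVOCATION_CHECK; /* no way to find the server */
    if (strcmp(ctx->subject, "CN=revoked-leaf") == 0) return CRYPT_E_REVOKED;
    return 0;
}

/* Models the loop: contexts are checked in array order, stopping at the first revoked or unverifiable one. */
int verify_revocation(const CertCtx *ctxs, size_t n, RevocationHandler h, RevStatus *st) {
    for (size_t i = 0; i < n; i++) {
        uint32_t err = h(&ctxs[i]);
        if (err != 0) { st->index = (uint32_t)i; st->error = err; return 0; } /* later contexts unchecked */
    }
    st->index = 0; st->error = 0;
    return 1;
}

RevStatus last_status; /* filled by check_sample_chain for the caller to inspect */

/* Three constructed inputs (not real certificates): 0 = clean, 1 = revoked leaf, 2 = issuer without AIA. */
int check_sample_chain(int which) {
    static const CertCtx chains[3][2] = {
        { {"CN=leaf", "http://ocsp.example/"}, {"CN=issuer", "http://ocsp.example/"} },
        { {"CN=revoked-leaf", "http://ocsp.example/"}, {"CN=issuer", "http://ocsp.example/"} },
        { {"CN=leaf", "http://ocsp.example/"}, {"CN=issuer", NULL} },
    };
    return verify_revocation(chains[which], 2, sample_handler, &last_status);
}

int main(void) {
    for (int w = 0; w < 3; w++) {
        int ok = check_sample_chain(w);
        /* A caller must treat "revoked" and "could not verify" differently; only the error code says which. */
        printf("chain %d: %s index=%u error=0x%08x\n", w, ok ? "all verified" : "stopped",
               last_status.index, last_status.error);
    }
    return 0;
}
```

The index tells the caller which context ended the scan, which matters because everything after it was never checked.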