CRL_DIST_POINT

The CRL_DIST_POINT structure identifies a CRL distribution point to which a certificate user should refer to ascertain if the certificate has been revoked. A certificate user can obtain a CRL from an applicable distribution point or it can obtain a current complete CRL from the CA directory entry.

typedef struct _CRL_DIST_POINT {
    CRL_DIST_POINT_NAME     DistPointName;      // OPTIONAL
    CRYPT_BIT_BLOB          ReasonFlags;        // OPTIONAL
    CERT_ALT_NAME_INFO      CRLIssuer;          // OPTIONAL
} CRL_DIST_POINT, *PCRL_DIST_POINT;

Members

DistPointName

Identifies the location from which the CRL can be obtained. If this component is absent, the distribution point name defaults to the CRL issuer name.

ReasonFlags

Indicates the revocation reasons covered by this CRL.

If the reasons component is absent, the corresponding CRL distribution point distributes a CRL which will contain an entry for this certificate if this certificate has been revoked, regardless of the revocation reason. Otherwise, the value indicates which revocation reasons are covered by the corresponding CRL distribution point.

Currently defined ReasonFlags values are shown in the following table.

ReasonFlags Value

CRL_REASON_UNUSED_FLAG 0x80

CRL_REASON_KEY_COMPROMISE_FLAG 0x40

CRL_REASON_CA_COMPROMISE_FLAG 0x20

CRL_REASON_AFFILIATION_CHANGED_FLAG 0x10

CRL_REASON_SUPERSEDED_FLAG 0x08

CRL_REASON_CESSATION_OF_OPERATION_FLAG 0x04

CRL_REASON_CERTIFICATE_HOLD_FLAG 0x02

CRLIssuer

Identifies the authority that issues and signs the CRL. If absent, the CRL issuer name defaults to the certificate issuer name.

ReasonFlags	Value
CRL_REASON_UNUSED_FLAG	0x80
CRL_REASON_KEY_COMPROMISE_FLAG	0x40
CRL_REASON_CA_COMPROMISE_FLAG	0x20
CRL_REASON_AFFILIATION_CHANGED_FLAG	0x10
CRL_REASON_SUPERSEDED_FLAG	0x08
CRL_REASON_CESSATION_OF_OPERATION_FLAG	0x04
CRL_REASON_CERTIFICATE_HOLD_FLAG	0x02

CRL_DIST_POINT

Members

See Also