szOID_NETSCAPE_REVOCATION_URL

For the szOID_NETSCAPE_REVOCATION_URL extension, CryptEncodeObject, CryptEncodeObjectEx, CryptDecodeObject, or CryptDecodeObjectEx can be called with lpszStructType set to X509_ANY_STRING or X509_UNICODE_ANY_STRING.

A relative or absolute URL can be used to check the revocation status of a certificate. The revocation check is performed as an HTTP GET request using a URL that is the concatenation of revocation-url and certificate-serial-number. The certificate-serial-number is encoded as a string of ASCII hexadecimal digits. For example, if the netscape-base-url is https://www.certs-r-us.com/, the netscape-revocation-url is cgi-bin/check-rev.cgi?, and the certificate serial number is 173420, the resulting URL would be: https://www.certs-r-us.com/cgi-bin/check-rev.cgi?02a56c

The server should return a document with a Content-Type of application/x-netscape-revocation. The document should contain a single ASCII digit: '1' if the certificate is not currently valid, and '0' if it is currently valid.

Note that for all of the URLs that include the certificate serial number, the serial number will be encoded as a string that consists of an even number of hexadecimal digits. If the number of significant digits is odd, the string will have a single leading zero to ensure an even number of digits is generated.
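The URL construction and response handling described above, as an added C example that is not part of the original documentation or of CryptoAPI. The function names are hypothetical, the serial number is assumed to be supplied as big-endian bytes, and tolerating a trailing CR/LF in the response body is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hex-encode a big-endian serial number. Each byte yields two digits, so the
   length is always even; leading zero bytes are dropped (one byte is kept). */
static int serial_to_hex(const unsigned char *s, size_t len, char *out, size_t cap)
{
    static const char digits[] = "0123456789abcdef";
    size_t i = 0, n = 0;
    while (i + 1 < len && s[i] == 0) i++;
    if (len == 0 || (len - i) * 2 + 1 > cap) return -1;
    for (; i < len; i++) {
        out[n++] = digits[s[i] >> 4];
        out[n++] = digits[s[i] & 0x0f];
    }
    out[n] = '\0';
    return 0;
}

/* Build base-url + revocation-url + hex serial. Assumption: a revocation URL
   that starts with http:// or https:// is absolute and is used without the
   base URL. Returns 0 on success, -1 if the result does not fit. */
int build_revocation_url(const char *base, const char *rev,
                         const unsigned char *serial, size_t len, char *out, size_t cap)
{
    char hex[128];
    int n, absolute = !strncmp(rev, "http://", 7) || !strncmp(rev, "https://", 8);
    if (serial_to_hex(serial, len, hex, sizeof hex) != 0) return -1;
    n = snprintf(out, cap, "%s%s%s", absolute ? "" : base, rev, hex);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Interpret the response body: 0 = currently valid, 1 = not currently valid,
   -1 = malformed. Treat -1 as "status unknown", never as valid. */
int parse_revocation_body(const char *body, size_t len)
{
    while (len > 0 && (body[len - 1] == '\n' || body[len - 1] == '\r')) len--;
    if (len != 1) return -1;
    return body[0] == '0' ? 0 : body[0] == '1' ? 1 : -1;
}
```

CryptoAPI stores CERT_INFO.SerialNumber with the least significant byte first, so reverse that buffer before passing it to this helper.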

The following details apply:

Object Identifier String

"2.16.840.1.113730.1.3"

Corresponding Data Structure being encoded or decoded

pvStructInfo points to a CERT_NAME_VALUE structure. The dwValueType member of the CERT_NAME_VALUE is set to CERT_RDN_IA5_STRING. The Value member's pbData member points to an IA5_STRING that is a relative or absolute URL that can be used to check the revocation status of a certificate.

Additional Details

When encoding, use X509_ANY_STRING when the string format in the Value member's pbData member is ASCII, and use X509_UNICODE_ANY_STRING when the string format is Unicode. For the Unicode case, before encoding, the string is converted to an IA5_STRING as specified by setting dwValueType to CERT_RDN_IA5_STRING.

For decoding, the caller can select the format of the string that is output to the CERT_NAME_VALUE structure. Use X509_ANY_STRING when the desired string format is ASCII, and use X509_UNICODE_ANY_STRING when the desired string format is Unicode.