CertIsValidCRLForCertificate function (wincrypt.h)
The CertIsValidCRLForCertificate function checks a CRL to find out if it is a CRL that would include a specific certificate if that certificate were revoked. If the CRL has an issuing distribution point (IDP) extension, the function checks whether that IDP is valid for the certificate being checked.
BOOL CertIsValidCRLForCertificate( [in] PCCERT_CONTEXT pCert, [in] PCCRL_CONTEXT pCrl, [in] DWORD dwFlags, [in] void *pvReserved );
A pointer to a certificate context.
A pointer to a CRL. The function checks this CRL to determine whether it could contain the certificate context pointed to by pCert. The function does not look for the certificate in the CRL.
Currently not used and must be set to zero.
Currently not used and must be set to NULL.
The function returns TRUE if the CRL is a valid CRL to be searched for the specific certificate. It returns FALSE if the CRL is not a valid CRL for searching for the certificate.
For the CRL to be valid for the certificate, the CertIsValidCRLForCertificate function does not require the CRL to be issued by the same certification authority (CA) as the issuer of the certificate.
|Minimum supported client||Windows XP [desktop apps | UWP apps]|
|Minimum supported server||Windows Server 2003 [desktop apps | UWP apps]|