CertAddEncodedCRLToStore

The CertAddEncodedCRLToStore function creates a CRL context from an encoded CRL and adds it to the certificate store. The function makes a copy of the CRL context before adding it to the store.

#include <wincrypt.h>
BOOL WINAPI CertAddEncodedCRLToStore(
  HCERTSTORE hCertStore,               // in
  DWORD dwCertEncodingType,            // in
  const BYTE *pbCrlEncoded,            // in
  DWORD cbCrlEncoded,                  // in
  DWORD dwAddDisposition,              // in
  PCCRL_CONTEXT *ppCrlContext          // out, optional
);
 

Parameters

hCertStore
Handle to the certificate store.
dwCertEncodingType
Type of encoding used on the CRL. The currently defined encoding type is X509_ASN_ENCODING (0x00000001).
pbCrlEncoded
Pointer to the encoded CRL that is to be added to the certificate store.
cbCrlEncoded
Size, in bytes, of the encoded CRL to be added to the certificate store.
dwAddDisposition
Value that specifies the action to take if a matching CRL or a link to a matching CRL already exists in the store. Currently defined disposition values and their uses are:
CERT_STORE_ADD_NEW.
If a matching CRL or a link to a matching CRL exists, the operation fails. GetLastError returns CRYPT_E_EXISTS.
CERT_STORE_ADD_USE_EXISTING.
If a matching CRL or a link to a matching CRL exists, that existing CRL is used and properties from the new CRL are added. The function does not fail, but no new CRL is added. If ppCrlContext is not NULL, the existing context is duplicated.

If a matching CRL or a link to a matching CRL does not exist, a new CRL is added.

CERT_STORE_ADD_REPLACE_EXISTING.
If a matching CRL or a link to a matching CRL exists, that existing CRL or link is deleted and a new CRL is created and added to the store. If a matching CRL or a link to a matching CRL does not exist, one is added.
CERT_STORE_ADD_ALWAYS.
Makes no check for an existing matching CRL or link to a matching CRL. A new CRL is always added to the store. This may lead to duplicates in a store.
CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES.
If a matching CRL exists in the store, that existing context is deleted before creating and adding the new context. The new context inherits properties from the existing CRL.
CERT_STORE_ADD_NEWER.
If a matching CRL or a link to a matching CRL exists, the ThisUpdate times on the CRLs are compared. If the existing CRL has a ThisUpdate time less than the ThisUpdate time on the new CRL, the old CRL or link is replaced just as with CERT_STORE_ADD_REPLACE_EXISTING. If the existing CRL has a ThisUpdate time greater than or equal to the ThisUpdate time on the CRL to be added, the function fails with GetLastError returning CRYPT_E_EXISTS.

If a matching CRL or a link to a matching CRL is not found in the store, a new CRL is added to the store.

CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES.
The action is the same as for CERT_STORE_ADD_NEWER except that if an older CRL is replaced, the properties of the older CRL are incorporated into the replacement CRL.
ppCrlContext
Pointer to a pointer to the decoded CRL context. This is an optional parameter that can be NULL, indicating that the caller does not want a copy of the new or existing CRL. If a copy is made, that context must be freed by using CertFreeCRLContext.

Return Values

The function returns TRUE if the function succeeded, FALSE if the function failed.

GetLastError returns the reason for any failures using the following error codes:

CRYPT_E_EXISTS
This error is returned if CERT_STORE_ADD_NEW is set and the CRL already exists in the store, or if CERT_STORE_ADD_NEWER is set and there is a CRL in the store with a ThisUpdate time greater than or equal to the ThisUpdate time on the CRL to be added.
CRYPT_E_OSS_ERROR
An ASN.1 decoding error occurred. To get the OSS error, subtract the value of CRYPT_E_OSS_ERROR from the returned error and see asn1code.h for details on the error.
E_INVALIDARG
An invalid add disposition was specified by the dwAddDisposition argument or an invalid encoding type was specified. Currently only encoding type X509_ASN_ENCODING is supported.

Example

See CertAddEncodedCertificateToStore. In that example, change all references from "certificate" to "CRL."
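
The dwAddDisposition rules described under Parameters, as a portable C model added here for illustration; it is not code from the original page and does not call CryptoAPI. It shows that a stale CRL overwrites a fresher one under CERT_STORE_ADD_REPLACE_EXISTING but is rejected under CERT_STORE_ADD_NEWER, including the equal-ThisUpdate case. Assumptions: all type and function names are hypothetical, "matching" is taken to mean the same issuer name, ThisUpdate is a plain integer, and property inheritance is not modeled.

```c
/* Model of the dwAddDisposition rules (added example; no CryptoAPI calls). */
#include <string.h>

typedef unsigned long long tu_t;   /* stand-in for the ThisUpdate time */
enum disp { ADD_NEW, ADD_USE_EXISTING, ADD_REPLACE_EXISTING, ADD_ALWAYS, ADD_NEWER };
enum result { R_ADDED, R_REPLACED, R_USED_EXISTING, R_FAIL_EXISTS, R_FAIL_FULL };
struct crl { const char *issuer; tu_t this_update; };
struct store { struct crl items[8]; int count; };

/* Assumption: a "matching" CRL is one with the same issuer name. */
static int find_match(const struct store *s, const struct crl *c) {
    for (int i = 0; i < s->count; i++)
        if (strcmp(s->items[i].issuer, c->issuer) == 0) return i;
    return -1;
}

static enum result append(struct store *s, const struct crl *c) {
    if (s->count == 8) return R_FAIL_FULL;   /* limit of this model only */
    s->items[s->count++] = *c;
    return R_ADDED;
}

enum result model_add_crl(struct store *s, const struct crl *c, enum disp d) {
    int i = find_match(s, c);
    if (d == ADD_ALWAYS || i < 0) return append(s, c);  /* no check, or no match */
    switch (d) {
    case ADD_NEW:          return R_FAIL_EXISTS;        /* CRYPT_E_EXISTS */
    case ADD_USE_EXISTING: return R_USED_EXISTING;      /* store unchanged */
    case ADD_NEWER:        /* replace only if the stored CRL is strictly older */
        if (s->items[i].this_update >= c->this_update) return R_FAIL_EXISTS;
        /* fall through */
    default:               /* ADD_REPLACE_EXISTING: no time comparison at all */
        s->items[i] = *c;
        return R_REPLACED;
    }
}

/* Constructed scenario: add a CRL with ThisUpdate t1, then offer one with t2. */
static enum result run(struct store *s, tu_t t1, tu_t t2, enum disp d) {
    struct crl a = { "CN=Example CA", t1 }, b = { "CN=Example CA", t2 };
    s->count = 0;
    model_add_crl(s, &a, ADD_NEW);
    return model_add_crl(s, &b, d);
}
enum result second_add_result(tu_t t1, tu_t t2, enum disp d) {
    struct store s; return run(&s, t1, t2, d);
}
tu_t kept_this_update(tu_t t1, tu_t t2, enum disp d) {
    struct store s; run(&s, t1, t2, d); return s.items[0].this_update;
}
int main(void) { return kept_this_update(200, 100, ADD_NEWER) == 200 ? 0 : 1; }
```

In real code the R_FAIL_EXISTS outcome corresponds to the function returning FALSE with GetLastError returning CRYPT_E_EXISTS, which a CRL refresh routine can treat as "store already holds the same or a newer CRL".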

QuickInfo

  Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
  Windows: Requires Windows 95 OSR2 or later.
  Windows CE: Unsupported.
  Header: Declared in wincrypt.h.
  Import Library: Use crypt32.lib.

See Also

CertAddCRLContextToStore