CertIsValidCRLForCertificate function (wincrypt.h)

The CertIsValidCRLForCertificate function checks a CRL to find out if it is a CRL that would include a specific certificate if that certificate were revoked. If the CRL has an issuing distribution point (IDP) extension, the function checks whether that IDP is valid for the certificate being checked.


BOOL CertIsValidCRLForCertificate(
  [in] PCCERT_CONTEXT pCert,
  [in] PCCRL_CONTEXT  pCrl,
  [in] DWORD          dwFlags,
  [in] void           *pvReserved


[in] pCert

A pointer to a certificate context.

[in] pCrl

A pointer to a CRL. The function checks this CRL to determine whether it could contain the certificate context pointed to by pCert. The function does not look for the certificate in the CRL.

[in] dwFlags

Currently not used and must be set to zero.

[in] pvReserved

Currently not used and must be set to NULL.

Return value

The function returns TRUE if the CRL is a valid CRL to be searched for the specific certificate. It returns FALSE if the CRL is not a valid CRL for searching for the certificate.


For the CRL to be valid for the certificate, the CertIsValidCRLForCertificate function does not require the CRL to be issued by the same certification authority (CA) as the issuer of the certificate.


Requirement Value
Minimum supported client Windows XP [desktop apps | UWP apps]
Minimum supported server Windows Server 2003 [desktop apps | UWP apps]
Target Platform Windows
Header wincrypt.h
Library Crypt32.lib
DLL Crypt32.dll