Function

CertVerifyCTLUsage

Directives

External
Name
Stdcall

Module

wcrypt2

Last Modified

7/15/2014 3:26:44 PM

Comments

+-------------------------------------------------------------------------
  Verify that a subject is trusted for the specified usage by finding a
  signed and time valid CTL with the usage identifiers and containing
  the subject. A subject can be identified by either its certificate context
  or any identifier such as its SHA1 hash.
  See CertFindSubjectInCTL for definition of dwSubjectType and pvSubject
  parameters.
  Via pVerifyUsagePara, the caller can specify the stores to be searched
  to find the CTL. The caller can also specify the stores containing
  acceptable CTL signers. By setting the ListIdentifier, the caller
  can also restrict to a particular signer CTL list.
  Via pVerifyUsageStatus, the CTL containing the subject, the subject's
  index into the CTL's array of entries, and the signer of the CTL
  are returned. If the caller is not interested, ppCtl and ppSigner can be set
  to NULL. Returned contexts must be freed via the store's free context APIs.
  If the CERT_VERIFY_INHIBIT_CTL_UPDATE_FLAG isn't set, then, a time
  invalid CTL in one of the CtlStores may be replaced. When replaced, the
  CERT_VERIFY_UPDATED_CTL_FLAG is set in pVerifyUsageStatus->dwFlags.
  If the CERT_VERIFY_TRUSTED_SIGNERS_FLAG is set, then, only the
  SignerStores specified in pVerifyUsagePara are searched to find
  the signer. Otherwise, the SignerStores provide additional sources
  to find the signer's certificate.
  If CERT_VERIFY_NO_TIME_CHECK_FLAG is set, then, the CTLs aren't checked
  for time validity.
  If CERT_VERIFY_ALLOW_MORE_USAGE_FLAG is set, then, the CTL may contain
  more usage identifiers than specified by pSubjectUsage. Otherwise,
  the found CTL will contain the same usage identifiers and no more.
  CertVerifyCTLUsage will be implemented as a dispatcher to OID installable
  functions. First, it will try to find an OID function matching the first
  usage object identifier in the pUsage sequence. Next, it will dispatch
  to the default CertDllVerifyCTLUsage functions.
  If the subject is trusted for the specified usage, then, TRUE is
  returned. Otherwise, FALSE is returned with dwError set to one of the
  following:
      CRYPT_E_NO_VERIFY_USAGE_DLL
      CRYPT_E_NO_VERIFY_USAGE_CHECK
      CRYPT_E_VERIFY_USAGE_OFFLINE
      CRYPT_E_NOT_IN_CTL
      CRYPT_E_NO_TRUSTED_SIGNER
--------------------------------------------------------------------------

Scope

Interfaced

Declaration

function CertVerifyCTLUsage(dwEncodingType :DWORD;
                            dwSubjectType :DWORD;
                            pvSubject :PVOID;
                            pSubjectUsage :PCTL_USAGE;
                            dwFlags :DWORD;
                            pVerifyUsagePara :PCTL_VERIFY_USAGE_PARA;
                            pVerifyUsageStatus:PCTL_VERIFY_USAGE_STATUS
                            ):BOOL ; stdcall;
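
A strict, fail-closed call of the function declared above, as an added example that is not part of this page or of wcrypt2 itself. The unit name and the helper IsCertTrustedForUsage are hypothetical; it assumes wcrypt2 declares the records, CTL_CERT_SUBJECT_TYPE and the free-context functions with the same names as wincrypt.h, and that the caller has already opened the two stores.

```pascal
unit CtlTrustCheck;  // hypothetical unit name

interface

uses Windows, wcrypt2;

function IsCertTrustedForUsage(Cert: PCCERT_CONTEXT; UsageOid: PAnsiChar;
  CtlStore, SignerStore: HCERTSTORE; out ErrorCode: DWORD): Boolean;

implementation

// True only if Cert is listed in a signed, time-valid CTL from CtlStore whose
// usage set is exactly UsageOid and whose signer is found in SignerStore.
function IsCertTrustedForUsage(Cert: PCCERT_CONTEXT; UsageOid: PAnsiChar;
  CtlStore, SignerStore: HCERTSTORE; out ErrorCode: DWORD): Boolean;
var
  Usage: CTL_USAGE;
  Para: CTL_VERIFY_USAGE_PARA;
  Status: CTL_VERIFY_USAGE_STATUS;
  Ctl: PCCTL_CONTEXT;
  Signer: PCCERT_CONTEXT;
begin
  Usage.cUsageIdentifier := 1;
  Usage.rgpszUsageIdentifier := @UsageOid;  // one-element array of OID strings
  FillChar(Para, SizeOf(Para), 0);          // ListIdentifier left empty
  Para.cbSize := SizeOf(Para);
  Para.cCtlStore := 1;
  Para.rghCtlStore := @CtlStore;
  Para.cSignerStore := 1;
  Para.rghSignerStore := @SignerStore;
  Ctl := nil;
  Signer := nil;
  FillChar(Status, SizeOf(Status), 0);
  Status.cbSize := SizeOf(Status);
  Status.ppCtl := @Ctl;                     // returned contexts are freed below
  Status.ppSigner := @Signer;
  // NO_TIME_CHECK and ALLOW_MORE_USAGE are deliberately left clear, so an
  // expired CTL or one carrying extra usages does not count as trust.
  Result := CertVerifyCTLUsage(X509_ASN_ENCODING or PKCS_7_ASN_ENCODING,
    CTL_CERT_SUBJECT_TYPE, Cert, @Usage,
    CERT_VERIFY_INHIBIT_CTL_UPDATE_FLAG or CERT_VERIFY_TRUSTED_SIGNERS_FLAG,
    @Para, @Status);
  ErrorCode := Status.dwError;              // e.g. CRYPT_E_NOT_IN_CTL on FALSE
  if Ctl <> nil then CertFreeCTLContext(Ctl);
  if Signer <> nil then CertFreeCertificateContext(Signer);
end;

end.
```

Treat every FALSE return as untrusted and log ErrorCode; CRYPT_E_NO_TRUSTED_SIGNER in particular means a CTL listed the subject but its signer was not in the caller's SignerStore.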


Source