Re: CertGetCertificateChain() vs CertVerifyRevocation()

From: Vishal Agarwal[MSFT] (vishala_at_online.microsoft.com)
Date: 05/26/04 

Date: Wed, 26 May 2004 11:15:38 -0700

I'm not sure I understand your problem statement correctly,

You can use CertGetCertificateChain with fCheckRevocationFreshnessTime =
TRUE and dwRevocationFreshnessTime = 0 (both members of CERT_CHAIN_PARA
structure), this will force CRL fetching.

Thanks,
Vishal Agarwal [MSFT] 

-- 
This posting is provided "AS IS" with no warranties, and confers no rights
"prem" <anonymous@discussions.microsoft.com> wrote in message
news:13C3BB17-23B6-4E75-9E6F-3BC139FC5B69@microsoft.com...
> Hello Everybody,
>
> I need to check the revocation status of a given certificate ( the whole
chain ). Currently I have a problem with CertGetCertificateChain() as it
takes its own time to show the real status ( even after publishing the
CRL ). Not sure if there are any ways to overcome this.
>
> One workaround I got from this group was to unload crypt32.dll but it
involves more work.
>
> Mean while I saw an API CertVerifyRevocation() which says that we can set
fCheckFreshnessTime. I was not sure if this API can fetch the CRL
immediately and if can check the whole chain.
>
> Can any one please clarify me the above problem ?
>
> Thanks
> -Prem
>