From b0dfe4048b39696cbfefa9db1c0f61f8808864a3 Mon Sep 17 00:00:00 2001
From: Juan Lang <juan_lang@yahoo.com>
Date: Fri, 7 Jul 2006 13:19:53 -0700
Subject: [PATCH] crypt32: Implement revocation check in
 CertVerifySubjectCertificateContext.

---
 dlls/crypt32/cert.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index 2bcc4f73ad5..eabea824a4b 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -731,12 +731,16 @@ BOOL WINAPI CertVerifySubjectCertificateContext(PCCERT_CONTEXT pSubject,
     }
     if (*pdwFlags & CERT_STORE_REVOCATION_FLAG)
     {
-        PCCRL_CONTEXT crl = CertFindCRLInStore(pSubject->hCertStore,
-         pSubject->dwCertEncodingType, 0, CRL_FIND_ISSUED_BY, pSubject, NULL);
+        DWORD flags = 0;
+        PCCRL_CONTEXT crl = CertGetCRLFromStore(pSubject->hCertStore, pSubject,
+         NULL, &flags);
 
+        /* FIXME: what if the CRL has expired? */
         if (crl)
         {
-            FIXME("check CRL for subject\n");
+            if (CertVerifyCRLRevocation(pSubject->dwCertEncodingType,
+             pSubject->pCertInfo, 1, (PCRL_INFO *)&crl->pCrlInfo))
+                *pdwFlags &= CERT_STORE_REVOCATION_FLAG;
         }
         else
             *pdwFlags |= CERT_STORE_NO_CRL_FLAG;