diff --git a/dlls/crypt32/tests/crl.c b/dlls/crypt32/tests/crl.c
index 0eaf43a9086..d50d99638fa 100644
--- a/dlls/crypt32/tests/crl.c
+++ b/dlls/crypt32/tests/crl.c
@@ -312,13 +312,97 @@ static const BYTE verisignCommercialSoftPubCA[] = {
 0x5f,0xef,0x04,0x9b,0xde,0x02,0x82,0xdd,0x88,0x29,0xb1,0xc3,0x4f,0xa5,0xcd,0x71,
 0x64,0x31,0x3c,0x3c
 };
+static const BYTE rootWithKeySignAndCRLSign[] = {
+0x30,0x82,0x01,0xdf,0x30,0x82,0x01,0x4c,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,
+0x5b,0xc7,0x0b,0x27,0x99,0xbb,0x2e,0x99,0x47,0x9d,0x45,0x4e,0x7c,0x1a,0xca,
+0xe8,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31,
+0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,
+0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
+0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
+0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,
+0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
+0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89,
+0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82,
+0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34,
+0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7,
+0x3b,0x58,0xf1,0xde,0x3e,0x01,0x25,0x93,0xab,0x8f,0xce,0x1f,0xc1,0x33,0x91,
+0xfe,0x59,0xb9,0x3b,0x9e,0x95,0x12,0x89,0x8e,0xc3,0x4b,0x98,0x1b,0x99,0xc5,
+0x07,0xe2,0xdf,0x15,0x4c,0x39,0x76,0x06,0xad,0xdb,0x16,0x06,0x49,0xba,0xcd,
+0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c,
+0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35,
+0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01,
+0x00,0x01,0xa3,0x42,0x30,0x40,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,
+0xff,0x04,0x04,0x03,0x02,0x00,0x06,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,
+0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1d,0x06,0x03,0x55,0x1d,
+0x0e,0x04,0x16,0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,
+0x58,0xff,0x98,0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x09,0x06,0x05,0x2b,
+0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x74,0xcb,0x21,0xfd,0x2d,
+0x25,0xdc,0xa5,0xaa,0xa1,0x26,0xdc,0x8b,0x40,0x11,0x64,0xae,0x5c,0x71,0x3c,
+0x28,0xbc,0xf9,0xb3,0xcb,0xa5,0x94,0xb2,0x8d,0x4c,0x23,0x2b,0x9b,0xde,0x2c,
+0x4c,0x30,0x04,0xc6,0x88,0x10,0x2f,0x53,0xfd,0x6c,0x82,0xf1,0x13,0xfb,0xda,
+0x27,0x75,0x25,0x48,0xe4,0x72,0x09,0x2a,0xee,0xb4,0x1e,0xc9,0x55,0xf5,0xf7,
+0x82,0x91,0xd8,0x4b,0xe4,0x3a,0xfe,0x97,0x87,0xdf,0xfb,0x15,0x5a,0x12,0x3e,
+0x12,0xe6,0xad,0x40,0x0b,0xcf,0xee,0x1a,0x44,0xe0,0x83,0xb2,0x67,0x94,0xd4,
+0x2e,0x7c,0xf2,0x06,0x9d,0xb3,0x3b,0x7e,0x2f,0xda,0x25,0x66,0x7e,0xa7,0x1f,
+0x45,0xd4,0xf5,0xe3,0xdf,0x2a,0xf1,0x18,0x28,0x20,0xb5,0xf8,0xf5,0x8d,0x7a,
+0x2e,0x84,0xee };
+static const BYTE eeCert[] = {
+0x30,0x82,0x01,0x93,0x30,0x81,0xfd,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
+0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,
+0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,
+0x72,0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x35,0x30,0x31,0x30,0x30,
+0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x30,0x30,0x31,0x30,0x30,
+0x30,0x30,0x30,0x30,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,
+0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x32,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,
+0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,
+0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb8,0x52,0xda,0xc5,0x4b,0x3f,0xe5,0x33,
+0x0e,0x67,0x5f,0x48,0x21,0xdc,0x7e,0xef,0x37,0x33,0xba,0xff,0xb4,0xc6,0xdc,
+0xb6,0x17,0x8e,0x20,0x55,0x07,0x12,0xd2,0x7b,0x3c,0xce,0x30,0xc5,0xa7,0x48,
+0x9f,0x6e,0xfe,0xb8,0xbe,0xdb,0x9f,0x9b,0x17,0x60,0x16,0xde,0xc6,0x8b,0x47,
+0xd1,0x57,0x71,0x3c,0x93,0xfc,0xbd,0xec,0x44,0x32,0x3b,0xb9,0xcf,0x6b,0x05,
+0x72,0xa7,0x87,0x8e,0x7e,0xd4,0x9a,0x87,0x1c,0x2f,0xb7,0x82,0x40,0xfc,0x6a,
+0x80,0x83,0x68,0x28,0xce,0x84,0xf4,0x0b,0x2e,0x44,0xcb,0x53,0xac,0x85,0x85,
+0xb5,0x46,0x36,0x98,0x3c,0x10,0x02,0xaa,0x02,0xbc,0x8b,0xa2,0x23,0xb2,0xd3,
+0x51,0x9a,0x22,0x4a,0xe3,0xaa,0x4e,0x7c,0xda,0x38,0xcf,0x49,0x98,0x72,0xa3,
+0x02,0x03,0x01,0x00,0x01,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
+0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x22,0xf1,0x66,0x00,0x79,0xd2,
+0xe6,0xb2,0xb2,0xf7,0x2f,0x98,0x92,0x7d,0x73,0xc3,0x6c,0x5c,0x77,0x20,0xe3,
+0xbf,0x3e,0xe0,0xb3,0x5c,0x68,0xb4,0x9b,0x3a,0x41,0xae,0x94,0xa0,0x80,0x3a,
+0xfe,0x5d,0x7a,0x56,0x87,0x85,0x44,0x45,0xcf,0xa6,0xd3,0x10,0xe7,0x73,0x41,
+0xf2,0x7f,0x88,0x85,0x91,0x8e,0xe6,0xec,0xe2,0xce,0x08,0xbc,0xa5,0x76,0xe5,
+0x4d,0x1d,0xb7,0x70,0x31,0xdd,0xc9,0x9a,0x15,0x32,0x11,0x5a,0x4e,0x62,0xc8,
+0xd1,0xf8,0xec,0x46,0x39,0x5b,0xe7,0x67,0x1f,0x58,0xe8,0xa1,0xa0,0x5b,0xf7,
+0x8a,0x6d,0x5f,0x91,0x18,0xd4,0x90,0x85,0xff,0x30,0xc7,0xca,0x9c,0xc6,0x92,
+0xb0,0xca,0x16,0xc4,0xa4,0xc0,0xd6,0xe8,0xff,0x15,0x19,0xd1,0x30,0x61,0xf3,
+0xef,0x9f };
+static const BYTE rootSignedCRL[] = {
+0x30,0x82,0x01,0x1d,0x30,0x81,0x87,0x02,0x01,0x01,0x30,0x0d,0x06,0x09,0x2a,
+0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x10,0x31,0x0e,0x30,
+0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x17,0x0d,
+0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x17,0x0d,
+0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5a,0x30,0x14,
+0x30,0x12,0x02,0x01,0x01,0x17,0x0d,0x30,0x37,0x30,0x39,0x30,0x31,0x30,0x30,
+0x30,0x30,0x30,0x30,0x5a,0xa0,0x2d,0x30,0x2b,0x30,0x0a,0x06,0x03,0x55,0x1d,
+0x14,0x04,0x03,0x02,0x01,0x01,0x30,0x1d,0x06,0x03,0x55,0x1d,0x23,0x04,0x16,
+0x04,0x14,0x14,0x8c,0x16,0xbb,0xbe,0x70,0xa2,0x28,0x89,0xa0,0x58,0xff,0x98,
+0xbd,0xa8,0x24,0x2b,0x8a,0xe9,0x9a,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
+0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9b,0x2b,0x99,0x0d,
+0x16,0x83,0x93,0x54,0x29,0x3a,0xa6,0x53,0x5d,0xf8,0xa6,0x73,0x9f,0x2a,0x45,
+0x39,0x91,0xff,0x91,0x1c,0x27,0x06,0xe8,0xdb,0x72,0x3f,0x66,0x89,0x15,0x68,
+0x55,0xd5,0x49,0x63,0xa6,0x00,0xe9,0x66,0x9c,0x97,0xf9,0xb3,0xb3,0x2b,0x1b,
+0xc7,0x79,0x46,0xa8,0xd8,0x2b,0x78,0x27,0xa0,0x70,0x02,0x81,0xc6,0x40,0xb3,
+0x76,0x32,0x65,0x4c,0xf8,0xff,0x1d,0x41,0x6e,0x16,0x09,0xa2,0x8a,0x7b,0x0c,
+0xd0,0xa6,0x9b,0x61,0xa3,0x7c,0x02,0x91,0x79,0xdf,0x6a,0x5e,0x88,0x95,0x66,
+0x33,0x17,0xcb,0x5a,0xd2,0xdc,0x89,0x05,0x62,0x97,0x60,0x73,0x7b,0x2c,0x1a,
+0x90,0x20,0x73,0x24,0x9f,0x45,0x22,0x4b,0xc1,0x33,0xd1,0xda,0xd8,0x7e,0x1b,
+0x3d,0x74,0xd6,0x3b };
 
 static void testFindCRL(void)
 {
     HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
      CERT_STORE_CREATE_NEW_FLAG, NULL);
     PCCRL_CONTEXT context;
-    PCCERT_CONTEXT cert;
+    PCCERT_CONTEXT cert, endCert, rootCert;
     CRL_FIND_ISSUED_FOR_PARA issuedForPara = { NULL, NULL };
     DWORD count, revoked_count;
     BOOL ret;
@@ -511,6 +595,157 @@ static void testFindCRL(void)
     CertFreeCertificateContext(cert);
 
     CertCloseStore(store, 0);
+
+    /* This test uses a synthesized chain (rootWithKeySignAndCRLSign ->
+     * eeCert) whose end certificate is in the CRL.
+     */
+    store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
+     CERT_STORE_CREATE_NEW_FLAG, NULL);
+    /* Add a CRL for the end certificate */
+    CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
+     rootSignedCRL, sizeof(rootSignedCRL), CERT_STORE_ADD_ALWAYS, NULL);
+    /* Add another CRL unrelated to the tested chain */
+    CertAddEncodedCRLToStore(store, X509_ASN_ENCODING,
+     verisignCRL, sizeof(verisignCRL), CERT_STORE_ADD_ALWAYS, NULL);
+    endCert = CertCreateCertificateContext(X509_ASN_ENCODING,
+     eeCert, sizeof(eeCert));
+    rootCert = CertCreateCertificateContext(X509_ASN_ENCODING,
+     rootWithKeySignAndCRLSign, sizeof(rootWithKeySignAndCRLSign));
+    issuedForPara.pSubjectCert = endCert;
+    issuedForPara.pIssuerCert = rootCert;
+    context = NULL;
+    count = revoked_count = 0;
+    do {
+        context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_FOR,
+         &issuedForPara, context);
+        if (context)
+        {
+            PCRL_ENTRY entry;
+
+            count++;
+            if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
+             entry)
+                revoked_count++;
+        }
+    } while (context);
+    ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
+    ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
+     revoked_count);
+
+    /* Test CRL_FIND_ISSUED_BY flags */
+    count = revoked_count = 0;
+    do {
+        context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
+         endCert, context);
+        if (context)
+        {
+            PCRL_ENTRY entry;
+
+            count++;
+            if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
+             entry)
+                revoked_count++;
+        }
+    } while (context);
+    todo_wine {
+    ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
+    ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
+     revoked_count);
+    }
+    count = revoked_count = 0;
+    do {
+        context = pCertFindCRLInStore(store, 0, 0, CRL_FIND_ISSUED_BY,
+         rootCert, context);
+        if (context)
+        {
+            PCRL_ENTRY entry;
+
+            count++;
+            if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
+             entry)
+                revoked_count++;
+        }
+    } while (context);
+    ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
+    ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
+     revoked_count);
+    count = revoked_count = 0;
+    do {
+        context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
+         CRL_FIND_ISSUED_BY, endCert, context);
+        if (context)
+        {
+            PCRL_ENTRY entry;
+
+            count++;
+            if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
+             entry)
+                revoked_count++;
+        }
+    } while (context);
+    todo_wine {
+    ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
+    ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
+     revoked_count);
+    }
+    count = revoked_count = 0;
+    do {
+        context = pCertFindCRLInStore(store, 0, CRL_FIND_ISSUED_BY_AKI_FLAG,
+         CRL_FIND_ISSUED_BY, rootCert, context);
+        if (context)
+        {
+            PCRL_ENTRY entry;
+
+            count++;
+            if (CertFindCertificateInCRL(rootCert, context, 0, NULL, &entry) &&
+             entry)
+                revoked_count++;
+        }
+    } while (context);
+    todo_wine
+    ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
+    ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
+     revoked_count);
+    count = revoked_count = 0;
+    do {
+        context = pCertFindCRLInStore(store, 0,
+         CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, endCert,
+         context);
+        if (context)
+        {
+            PCRL_ENTRY entry;
+
+            count++;
+            if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
+             entry)
+                revoked_count++;
+        }
+    } while (context);
+    ok(count == 0, "expected 0 matching CRLs, got %d\n", count);
+    ok(revoked_count == 0, "expected 0 matching CRL entries, got %d\n",
+     revoked_count);
+    count = revoked_count = 0;
+    do {
+        context = pCertFindCRLInStore(store, 0,
+         CRL_FIND_ISSUED_BY_SIGNATURE_FLAG, CRL_FIND_ISSUED_BY, rootCert,
+         context);
+        if (context)
+        {
+            PCRL_ENTRY entry;
+
+            count++;
+            if (CertFindCertificateInCRL(endCert, context, 0, NULL, &entry) &&
+             entry)
+                revoked_count++;
+        }
+    } while (context);
+    ok(count == 1, "expected 1 matching CRLs, got %d\n", count);
+    ok(revoked_count == 1, "expected 1 matching CRL entries, got %d\n",
+     revoked_count);
+    CertFreeCertificateContext(rootCert);
+    CertFreeCertificateContext(endCert);
+
+    CertCloseStore(store, 0);
 }
 
 static void testGetCRLFromStore(void)