locked
CryptGetObjectUrl returns E_ACCESSDENIED in some cases, why? RRS feed

  • Question

  • In the call to CryptGetObjectUrl: such as

    CryptGetObjectUrl(URL_OID_CERTIFICATE_ISSUER, certPointer, CRYPT_GET_URL_FROM_EXTENSION | CRYPT_GET_URL_FROM_PROPERTY | CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE | CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE,...)

    That means passing in a CERT_INFO that does contain AIA extensions proving URL to issuer (confirmed to contain 1.3.6.1.5.5.7.48.2). With this type of call, CryptGetObjectUrl sometimes correctly finds the URL. At other times it fails and GetLastError indicates E_ACCESSDENIED. Why does it fail, even though the URL is present in the CERT_INFO?


    Friday, August 9, 2013 1:55 PM