Platform SDK: Logon Authentication
The SCHANNEL_CRED structure contains the data for an Schannel credential.
typedef struct _SCHANNEL_CRED {
    DWORD dwVersion;
    DWORD cCreds;
    PCCERT_CONTEXT * paCred;
    HCERTSTORE hRootStore;
    DWORD cMappers;
    struct _HMAPPER ** aphMappers;
    DWORD cSupportedAlgs;
    ALG_ID * palgSupportedAlgs;
    DWORD grbitEnabledProtocols;
    DWORD dwMinimumCipherStrength;
    DWORD dwMaximumCipherStrength;
    DWORD dwSessionLifespan;
    DWORD dwFlags;
    DWORD reserved;
} SCHANNEL_CRED, *PSCHANNEL_CRED;
Client applications often pass in an empty list and either depend on Schannel to find an appropriate certificate or will supply a certificate later if needed.
Client-side applications set this field to NULL.
When Schannel receives a certificate from a remote client, it calls each of these certificate mapping functions in turn until one succeeds. In this case, the certificate mapper will return a user token to Schannel that will later be passed to the application through the QuerySecurityContextToken function.
Client-side applications pass zero and NULL in these fields.
If cSupportedAlgs is zero or palgSupportedAlgs is NULL, Schannel uses the system defaults.
The global system settings (in HKEY_LOCAL_MACHINE) take precedence over this value. For example, if SSL3 is disabled in the registry, it cannot be enabled through this bit field. The flags used with this field include:
SP_PROT_PCT1_SERVER
SP_PROT_PCT1_CLIENT
SP_PROT_SSL2_CLIENT
SP_PROT_SSL2_SERVER
SP_PROT_SSL3_CLIENT
SP_PROT_SSL3_SERVER
SP_PROT_TLS1_CLIENT
SP_PROT_TLS1_SERVER
If this is zero, Schannel selects the protocol.
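The precedence rule and the zero case described above, modelled in portable C as an added example that is not part of the SDK page. audit_protocols and its system_disabled mask are hypothetical (the mask stands in for the HKEY_LOCAL_MACHINE settings, which this code does not read), and treating PCT1, SSL2 and SSL3 as legacy is the example's own classification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit values as defined in Schannel.h; drop these when including that header. */
#define SP_PROT_PCT1_SERVER 0x00000001
#define SP_PROT_PCT1_CLIENT 0x00000002
#define SP_PROT_SSL2_SERVER 0x00000004
#define SP_PROT_SSL2_CLIENT 0x00000008
#define SP_PROT_SSL3_SERVER 0x00000010
#define SP_PROT_SSL3_CLIENT 0x00000020
#define SP_PROT_TLS1_SERVER 0x00000040
#define SP_PROT_TLS1_CLIENT 0x00000080

static const struct { uint32_t bit; const char *name; int legacy; } PROTOS[] = {
    { SP_PROT_PCT1_SERVER, "PCT1_SERVER", 1 }, { SP_PROT_PCT1_CLIENT, "PCT1_CLIENT", 1 },
    { SP_PROT_SSL2_SERVER, "SSL2_SERVER", 1 }, { SP_PROT_SSL2_CLIENT, "SSL2_CLIENT", 1 },
    { SP_PROT_SSL3_SERVER, "SSL3_SERVER", 1 }, { SP_PROT_SSL3_CLIENT, "SSL3_CLIENT", 1 },
    { SP_PROT_TLS1_SERVER, "TLS1_SERVER", 0 }, { SP_PROT_TLS1_CLIENT, "TLS1_CLIENT", 0 },
};

/* Hypothetical helper: requested is the grbitEnabledProtocols value, system_disabled a
 * constructed mask standing in for the HKEY_LOCAL_MACHINE settings. Writes the names of
 * the protocols left enabled to out (outlen >= 1) and returns the legacy bits among them. */
uint32_t audit_protocols(uint32_t requested, uint32_t system_disabled, char *out, size_t outlen)
{
    uint32_t effective = requested & ~system_disabled, legacy = 0;
    if (requested == 0) {   /* zero: Schannel selects the protocol, nothing to list */
        snprintf(out, outlen, "SCHANNEL_SELECTS");
        return 0;
    }
    out[0] = '\0';
    for (size_t i = 0; i < sizeof PROTOS / sizeof PROTOS[0]; i++) {
        if (!(effective & PROTOS[i].bit)) continue;   /* not requested, or disabled */
        if (out[0]) strncat(out, " ", outlen - strlen(out) - 1);
        strncat(out, PROTOS[i].name, outlen - strlen(out) - 1);
        if (PROTOS[i].legacy) legacy |= PROTOS[i].bit;
    }
    return legacy;
}

int main(void)
{
    char buf[128];
    /* Constructed sample: client requests SSL3 and TLS1; SSL3 is disabled system-wide. */
    uint32_t legacy = audit_protocols(SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_CLIENT,
                                      SP_PROT_SSL3_CLIENT | SP_PROT_SSL3_SERVER, buf, sizeof buf);
    printf("enabled: %s, legacy bits: 0x%02x\n", buf, (unsigned)legacy);
}
```

A nonzero return value means the credential would still offer PCT1, SSL2 or SSL3 after the system-wide settings are applied.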
If zero, Schannel uses its default setting.
If zero, Schannel uses its default setting.
This flag is ignored by versions of Schannel earlier than Windows 2000.
This flag is intended for use by client applications only. It is ignored by versions of Schannel earlier than Windows 2000 or if the SCH_CRED_MANUAL_CRED_VALIDATION flag is also set.
This flag is ignored by versions of Schannel earlier than Windows 2000, but client applications that validate certificate chains must specify this flag to run correctly on Windows 2000.
This flag is ignored by versions of Schannel earlier than Windows 2000, but client applications that will manually specify certificate chains must specify this flag to run correctly on Windows 2000.
Windows NT/2000: Requires Windows NT 3.51 or later.
Windows 95/98: Requires Windows 95 or later.
Header: Declared in Schannel.h; include Schnlsp.h.