Platform SDK: Logon Authentication

Shutting Down a Connection

The SSL3 and TLS protocols supported by Schannel require a CloseNotify message to be sent if either the client or the server shuts down a connection. Shutdowns are handled through an extension to the SSPI semantics similar to those used for redos.

There are two parts to dealing with shutdowns—generating a shutdown and handling an incoming shutdown.

An application can initiate a shutdown by calling ApplyControlToken with the SCHANNEL_SHUTDOWN control token on an existing connection. The application then goes back to the negotiation loop and calls AcceptSecurityContext or InitializeSecurityContext as it did when it established the secure connection in the first place.

Note: An empty input buffer is passed in on the first call.

Eventually, AcceptSecurityContext or InitializeSecurityContext returns either SEC_E_CONTEXT_EXPIRED or SEC_E_OK, at which point the connection is shut down. The application then sends any output data from the call to AcceptSecurityContext or InitializeSecurityContext to the remote party and deletes the security context with DeleteSecurityContext. The output data sent is the CloseNotify message.
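The client side of this sequence, as an added example (not code from the Platform SDK): `client_shutdown`, `send_fn` and `shutdown_complete` are hypothetical names, and the non-Windows branch holds stand-in definitions only so the status check builds elsewhere. It covers the first pass after ApplyControlToken and hands any other status back to the caller's negotiation loop.

```c
#ifdef _WIN32
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <schannel.h>
#else /* stand-in definitions so the status check also builds off Windows */
typedef long SECURITY_STATUS;
#define SEC_E_OK              ((SECURITY_STATUS)0x00000000L)
#define SEC_E_CONTEXT_EXPIRED ((SECURITY_STATUS)0x80090317L)
#endif

/* Hypothetical helper: the two statuses that mean the shutdown is finished. */
static int shutdown_complete(SECURITY_STATUS st)
{
    return st == SEC_E_OK || st == SEC_E_CONTEXT_EXPIRED;
}

#ifdef _WIN32
/* Hypothetical callback type: writes len bytes to the peer, nonzero on success. */
typedef int (*send_fn)(const void *data, unsigned long len);

/* Client-side shutdown of an established context (first pass of the loop). */
static SECURITY_STATUS client_shutdown(CredHandle *cred, CtxtHandle *ctx, send_fn send_all)
{
    DWORD token = SCHANNEL_SHUTDOWN, attrs = 0;
    DWORD flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
                  ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM;
    SecBuffer ctl = { sizeof token, SECBUFFER_TOKEN, &token };
    SecBufferDesc ctlDesc = { SECBUFFER_VERSION, 1, &ctl };
    SecBuffer out = { 0, SECBUFFER_TOKEN, NULL };   /* Schannel allocates this */
    SecBufferDesc outDesc = { SECBUFFER_VERSION, 1, &out };

    SECURITY_STATUS st = ApplyControlToken(ctx, &ctlDesc);
    if (st != SEC_E_OK)
        return st;

    /* Back into the negotiation call; the input buffer is empty (NULL). */
    st = InitializeSecurityContext(cred, ctx, NULL, flags, 0, SECURITY_NATIVE_DREP,
                                   NULL, 0, ctx, &outDesc, &attrs, NULL);
    if (out.pvBuffer != NULL) {
        /* On completion this output is the CloseNotify message. */
        if (out.cbBuffer != 0 && !send_all(out.pvBuffer, out.cbBuffer))
            st = SEC_E_INTERNAL_ERROR;
        FreeContextBuffer(out.pvBuffer);
    }
    if (shutdown_complete(st) || FAILED(st))
        DeleteSecurityContext(ctx);
    return st; /* any other status: caller continues its negotiation loop */
}
#endif
```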

See Disconnecting from a Server for example code.