Platform SDK: Active Directory, ADSI, and Directory Services

QUERYCLIENTCERT

The QUERYCLIENTCERT function is a client-side callback function that allows the server to request a certificate from the client when establishing a secure sockets layer (SSL) connection.

BOOLEAN QUERYCLIENTCERT (
  PLDAP Connection,
  PSecPkgContext_IssuerListInfoEx trusted_CAs,
  HCERTSTORE hCertStore,
  DWORD* pcCreds
);

Parameters

Connection
[in] The session handle.
trusted_CAs
[in] A list of server-trusted Certificate Authorities.
hCertStore
[in, out] Upon receiving the callback, the client converts its client certificates to CERT_CONTEXT structures, adds them to the given certificate store handle along with the client credentials (pcCreds), and returns True. The callback returns False if the client is not willing to pass in a client certificate.
pcCreds
[in, out] The client credentials.

Remarks

Implement this function in your client application with the signature described above. Then call ldap_set_option(conn, LDAP_OPT_CLIENT_CERTIFICATE, &CertRoutine) where CertRoutine is the address of your callback routine.

When the server demands a client certificate for authorization, the LDAP run time calls QUERYCLIENTCERT, passing a structure that contains a list of server-trusted Certificate Authorities. If the client can provide a certificate issued by any of these Certificate Authorities, the run time allocates an array of one or more CERT_CONTEXT structures, fills in the certificates, and passes back a pointer to the structure. The run time subsequently passes these credentials to the SSL server as part of the handshake.
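
As an added example (it is not part of this SDK page and is not Microsoft's code), the following C shows a QUERYCLIENTCERT implementation with the prototype documented above, the selection rule the callback must apply (a certificate is usable only if its issuer exactly matches one of the server-trusted CAs), and the ldap_set_option registration described in the Remarks. The issuer comparison is portable C with a stand-in for CERT_NAME_BLOB so it can be compiled and checked off Windows; the callback and the registration are guarded by _WIN32 and assume the CryptoAPI calls named in the code, the "MY" system store as the location of the client's own certificates, and an added check that the chosen certificate has an associated private key. Confirm the callback prototype against the Winldap.h you build with, since the prototype in later headers may differ from the one on this page.

```c
/* Added example: a QUERYCLIENTCERT implementation following the prototype on
   this page, plus a portable issuer-matching core that compiles anywhere.
   The Windows-only part is guarded by _WIN32 and assumes the classic Wldap32
   and CryptoAPI calls named below; the store name "MY" is an assumption about
   where the client's own certificates live. */
#include <stddef.h>
#include <string.h>

#ifdef _WIN32
#  define SECURITY_WIN32
#  include <windows.h>
#  include <winldap.h>
#  include <wincrypt.h>
#  include <sspi.h>
#  include <schannel.h>
typedef CERT_NAME_BLOB NameBlob;            /* { DWORD cbData; BYTE *pbData; } */
#else
#  include <stdint.h>
/* Same shape as the Windows CERT_NAME_BLOB: a DER-encoded X.500 name. */
typedef struct { uint32_t cbData; uint8_t *pbData; } NameBlob;
#endif

/* One client certificate as the selection logic sees it: its encoded issuer
   name and a label standing in for the PCCERT_CONTEXT. */
typedef struct { NameBlob issuer; const char *label; } ClientCert;

/* Exact match of two encoded names: the lengths must agree before the bytes
   are compared, so a CA name that merely shares a prefix never counts. */
static int name_equal(const NameBlob *a, const NameBlob *b)
{
    return a->cbData == b->cbData && memcmp(a->pbData, b->pbData, a->cbData) == 0;
}

/* Returns the index of the first client certificate issued by one of the
   server-trusted CAs, or -1 when none is (the callback then returns FALSE
   and the handshake continues without a client certificate). */
int select_client_cert(const NameBlob *trusted, size_t n_trusted,
                       const ClientCert *certs, size_t n_certs)
{
    for (size_t i = 0; i < n_certs; i++)
        for (size_t j = 0; j < n_trusted; j++)
            if (name_equal(&certs[i].issuer, &trusted[j]))
                return (int)i;
    return -1;
}

#ifdef _WIN32
/* The callback itself, with the signature documented on this page. It
   searches the user's personal ("MY") store for a certificate whose issuer
   exactly matches one of trusted_CAs->aIssuers and hands a copy to hCertStore. */
BOOLEAN QueryClientCert(PLDAP Connection, PSecPkgContext_IssuerListInfoEx trusted_CAs,
                        HCERTSTORE hCertStore, DWORD *pcCreds)
{
    BOOLEAN ok = FALSE;
    HCERTSTORE hMy = CertOpenSystemStoreA(0, "MY");
    if (hMy == NULL)
        return FALSE;                        /* no store: decline to send a certificate */
    for (DWORD j = 0; j < trusted_CAs->cIssuers && !ok; j++) {
        PCCERT_CONTEXT pCert = CertFindCertificateInStore(
            hMy, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
            CERT_FIND_ISSUER_NAME, &trusted_CAs->aIssuers[j], NULL);
        if (pCert == NULL)
            continue;
        /* Added check: only a certificate with an associated private key can
           actually complete the client-authentication handshake. */
        DWORD cb = 0;
        if (CertGetCertificateContextProperty(pCert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &cb) &&
            CertAddCertificateContextToStore(hCertStore, pCert, CERT_STORE_ADD_REPLACE_EXISTING, NULL)) {
            *pcCreds = 1;                    /* one credential handed back */
            ok = TRUE;
        }
        CertFreeCertificateContext(pCert);
    }
    CertCloseStore(hMy, 0);
    return ok;
}

/* Register the callback on the session handle before binding over SSL, as
   the Remarks describe; returns LDAP_SUCCESS on success. */
ULONG register_client_cert_callback(PLDAP conn)
{
    return ldap_set_option(conn, LDAP_OPT_CLIENT_CERTIFICATE, (void *)&QueryClientCert);
}
#endif
```

The search is driven by the server's issuer list rather than by iterating the local store, so the client never offers a certificate the server did not ask for; declining (returning FALSE) is the right outcome when no issuer matches, because sending an unrelated certificate only fails the handshake later with a less informative error.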

Requirements

  Windows NT/2000: Requires Windows NT 4.0 SP4 or later.
  Windows 95/98: Requires Windows 95 or later. Available as a redistributable for Windows 95.
  Header: Declared in Winldap.h.

See Also

CERT_CONTEXT, Functions, ldap_set_option