DTLS with Schannel: What is SEC_CHAR *pszTargetName used for?

Shahrzad 61 Reputation points
2021-12-09T14:03:11.147+00:00

It seems that for calling InitializeSecurityContext, we must enter pszTargetName (can disable it using the SCH_CRED_NO_SERVERNAME_CHECK flag).
Why is it necessary? What am I missing if I disable it?

Thanks.

Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,357 questions
{count} votes

Accepted answer
  1. Xiaopo Yang - MSFT 10,786 Reputation points Microsoft Vendor
    2021-12-10T02:02:40.21+00:00

    Hello,

    Welcome to Microsoft Q&A!

    According to InitializeSecurityContext, pTargetName(Schannel/SSL):

    Null-terminated string that uniquely identifies the target server. Schannel uses this value to verify the server certificate. Schannel also uses this value to locate the session in the session cache when reestablishing a connection.

    And SCH_CRED_NO_SERVERNAME_CHECK prevent Client Schannel from comparing the supplied target name with the subject names in server certificates.

    Thank you.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

0 additional answers

Sort by: Most helpful