2.2.1.2.140 SSTP_CERT_INFO_1
The SSTP_CERT_INFO_1 structure<127> contains the subject name of the X.509 certificates that will be configured by the RRAS to be used in SSL/TLS negotiation as a part of the [MS-SSTP] protocol.
| Bits 0-31 |
|---|
| isDefault |
| certBlob (variable) |
| ... |
isDefault (4 bytes): This value specifies how the SSTP certificate hash values are configured. Possible flag values are as follows.
| Value | Meaning |
|---|---|
| TRUE | RRAS server chooses a certificate hash on its own automatically. |
| FALSE | The SSTP certificate hash values are configured by the administrator. |
This value SHOULD be set to FALSE when sent. The RRAS server specifies TRUE for this value if the administrator has not configured the certificate and the default certificate selection logic is used. This value is FALSE if the administrator has configured the certificate.
certBlob (variable): This MUST be a CERT_BLOB_1. It contains the certificate hash length and the certificate hash. Only a SHA256 hash is accepted as a valid hash, so the value of the length field SHOULD always be 32 [RFC2459]. Specifying a value of 0 for the cbData member of CERT_BLOB_1 removes the certificate configuration. In this case, the RRAS server uses its default certificate selection logic.
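The cbData rules above, enforced by a parser and builder; this is an added example, not part of the specification. It assumes a flat little-endian layout in the diagram's field order (not the NDR encoding that RPC puts on the wire), that CERT_BLOB_1 is a 4-byte cbData followed by the hash bytes (pbData), and that the hash is taken over the DER-encoded certificate; the function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional

SHA256_LEN = 32  # the only hash length this section accepts


def parse_sstp_cert_info_1(buf: bytes) -> dict:
    """Parse isDefault (4 bytes) followed by CERT_BLOB_1 (cbData, hash bytes).

    Assumption: flat little-endian layout in diagram order, not NDR wire data.
    """
    if len(buf) < 8:
        raise ValueError("truncated: need isDefault and cbData")
    is_default, cb_data = struct.unpack_from("<II", buf, 0)
    pb_data = buf[8:8 + cb_data]
    if len(pb_data) != cb_data:
        raise ValueError("truncated: cbData exceeds the remaining bytes")
    if cb_data == 0:
        action = "remove"  # server falls back to default selection logic
    elif cb_data == SHA256_LEN:
        action = "set"     # administrator-configured SHA-256 hash
    else:
        raise ValueError(f"cbData={cb_data}: only a 32-byte SHA-256 hash is valid")
    return {"isDefault": bool(is_default), "action": action, "hash": pb_data}


def build_sstp_cert_info_1(cert_der: Optional[bytes], is_default: bool = False) -> bytes:
    """Build the structure for a certificate, or a removal request if None."""
    digest = hashlib.sha256(cert_der).digest() if cert_der is not None else b""
    return struct.pack("<II", int(is_default), len(digest)) + digest


def matches_certificate(info: dict, cert_der: bytes) -> bool:
    """True if the configured hash is the SHA-256 of the given DER certificate."""
    expected = hashlib.sha256(cert_der).digest()
    return info["action"] == "set" and hmac.compare_digest(info["hash"], expected)


# Constructed sample input: placeholder bytes standing in for a DER certificate.
SAMPLE_CERT_DER = b"constructed-placeholder-not-a-real-certificate"

if __name__ == "__main__":
    info = parse_sstp_cert_info_1(build_sstp_cert_info_1(SAMPLE_CERT_DER))
    print(info["action"], info["hash"].hex(), matches_certificate(info, SAMPLE_CERT_DER))
```

Comparing the parsed hash against the SHA-256 of the certificate the administrator intended is a quick audit that the SSTP listener is bound to the expected certificate.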