SCHANNEL_CRED (Windows Embedded CE 6.0)
1/6/2010
This structure contains the data for an Schannel credential.
Syntax
typedef struct _SCHANNEL_CRED {
DWORD dwVersion;
DWORD cCreds;
PCCERT_CONTEXT* paCred;
HCERTSTORE hRootStore;
DWORD cMappers;
struct _HMAPPER** aphMappers;
DWORD cSupportedAlgs;
ALG_ID* palgSupportedAlgs;
DWORD grbitEnabledProtocols;
DWORD dwMinimumCipherStrength;
DWORD dwMaximumCipherStrength;
DWORD dwSessionLifespan;
DWORD dwFlags;
DWORD reserved;
} SCHANNEL_CRED, *PSCHANNEL_CRED;
Members
- dwVersion
Set to SCHANNEL_CRED_VERSION, which indicates the version number.
- cCreds
Number of structures in the paCred array.
paCred
Array of pointers to CERT_CONTEXT structures. Each pointer specifies a certificate that contains a private key to be used in authenticating the application. Typically, this array contains one structure for each key exchange method supported by the application.Client applications often pass in an empty list and either depend on Schannel to find an appropriate certificate or create a certificate later if needed.
- hRootStore
Optional. Valid for server applications only. Handle to a certificate store containing self-signed root certificates for certification authorities (CAs) trusted by the application. This member is used only by server-side applications requiring client authentication.
- cMappers
Reserved.
- aphMappers
Reserved.
- cSupportedAlgs
Number of algorithms in the palgSupportedAlgs array.
- palgSupportedAlgs
Optional. Pointer to an array of ALG_ID data types that represent the algorithms supported by connections made with credentials acquired using this structure. If cSupportedAlgs is zero or palgSupportedAlgs is NULL, Schannel uses the system defaults.
grbitEnabledProtocols
Optional. DWORD that contains a bit string representing the protocols supported by connections made with credentials acquired using this structure. If this member is zero, Schannel selects the protocol. Transport Layer Security 1.0 should be chosen for new development.This member is used only by the Microsoft Unified Security Protocol Provider security package.
The global system registry settings take precedence over this value. For example, if SSL3 is disabled in the registry, it cannot be enabled using this member.
The following table shows the possible flags this member can contain.
Value Description SP_PROT_TLS1_CLIENT
Transport Layer Security 1.0 client-side.
SP_PROT_TLS1_SERVER
Transport Layer Security 1.0 server-side.
SP_PROT_SSL3_CLIENT
Secure Sockets Layer 3.0 client-side.
SP_PROT_SSL3_SERVER
Secure Sockets Layer 3.0 server-side.
SP_PROT_SSL2_CLIENT
Secure Sockets Layer 2.0 client-side. Superseded by SP_PROT_TLS1_CLIENT.
SP_PROT_SSL2_SERVER
Secure Sockets Layer 2.0 server-side. Superseded by SP_PROT_TLS1_SERVER.
- dwMinimumCipherStrength
Specifies the minimum bulk encryption cipher strength allowed for connections, in bits. If this member is zero, Schannel uses the system default. If this member is -1, the SSL3/TLS MAC-only cipher suites (also known as NULL cipher) are enabled.
- dwMaximumCipherStrength
Specifies the maximum bulk encryption cipher strength allowed for connections, in bits. If this member is zero, Schannel uses the system default.
- dwSessionLifespan
Specifies the maximum life span of credentials acquired using this structure.
dwFlags
Contains bit flags that control the behavior of Schannel.Can be zero or a combination of the following values.
Value Description SCH_CRED_NO_SYSTEM_MAPPER
Windows 2000 server-side only.
Prevents Schannel from using the built-in system certificate mapping functions to map client certificates to a Windows NT/2000 user account.
SCH_CRED_NO_SERVERNAME_CHECK
Windows Embedded CE client-side only.
Prevents Schannel from comparing the supplied target name with the subject names in server certificates.
SCH_CRED_MANUAL_CRED_VALIDATION
Windows Embedded CE client-side only.
Prevents Schannel from validating the received server certificate chain.
SCH_CRED_NO_DEFAULT_CREDS
Windows Embedded CE client-side only.
Prevents Schannel from attempting to automatically supply a certificate chain for client authentication.
SCH_CRED_AUTO_CRED_VALIDATION
Windows Embedded CE client-side only.
Acts as the opposite of SCH_CRED_MANUAL_CRED_VALIDATION and is part of the default behavior of Schannel.
SCH_CRED_USE_DEFAULT_CREDS
Windows Embedded CE client-side only.
Attempts to automatically supply a certificate chain for client authentication. Opposite of SCH_CRED_NO_DEFAULT_CREDS.
- reserved
Reserved. Must be zero.
Requirements
Header | schnlsp.h |
Windows Embedded CE | Windows CE .NET 4.2 and later |