3.2.1 Abstract Data Model
This section describes a model of possible data organization that a client-side implementation can maintain to participate in this protocol. The described organization is provided to facilitate the explanation of how the protocol behaves. This specification does not mandate that an implementation adhere to this model as long as the external behavior of the implementation is consistent with what is described in this specification.
The SSTP client connection establishment phase goes through the state transitions illustrated in the state machine diagram in section 3.2.1.1.1.
CurrentState: An integer variable that the client uses to maintain the current state of the connection. The CurrentState variable is initialized when the client starts the SSTP connection and remains valid while the SSTP connection remains active. At any point in time, the CurrentState variable can have one of the following integer values. Each value represents the current state of the client state machine.
Client_Call_Disconnected
Client_Connect_Request_Sent
Client_Connect_Ack_Received
Client_Call_Connected
-
Additional state values common to both the client and server state machines are defined in section 3.1.1.
ClientCertificateHash: A multi-octet variable that the client uses to store the SHA1 hash or the SHA256 hash of the server certificate that is obtained during HTTPS negotiation. The client initializes this variable to the value of the server certificate hash when the HTTPS session is established (section 3.2.4.1). This variable stores a 20-byte SHA1 hash or a 32-byte SHA256 hash. This variable is used to generate the value of the Crypto Binding attribute (section 2.2.7) when the client sends an SSTP_MSG_CALL_CONNECTED message (sections 3.2.5.2 and 3.2.7).
ClientBypassHLAuth: In this Boolean variable, the SSTP layer stores a flag that will be used to indicate higher layer to bypass authentication (3.1.7.1). This variable is initialized by the client management layer during the establish SSTP tunnel event (3.2.4.1).
ClientHTTPCookie: In this string variable, the SSTP layer stores the HTTP cookie that will be passed to the HTTPS layer during HTTPS connection establishment (3.2.4.1) if the ClientBypassHLAuth variable is set to TRUE. This variable is initialized by the client management layer during the establish SSTP tunnel event (3.2.4.1). This variable stores name-value pairs (section 3.2.2 of [RFC2965]). The SSTP layer does not interpret the name-value pairs associated with ClientHTTPCookie.<5>
ClientHashProtocolSupported: A 1-byte variable that the client administrator uses to configure a bitmask representing the list of hashing methods that can be used to compute the Compound MAC in the Crypto Binding attribute (section 2.2.7). The format and possible values of this bitmask are defined under Hash Protocol Bitmask in section 2.2.10.
ClientHashProtocolChosen: A 1-byte variable that the SSTP client machine uses to store the hash protocol that is used to compute the Compound MAC in the Crypto Binding attribute (section 2.2.7). The possible values of this variable are defined under Hash Protocol in section 2.2.7. This variable is initialized when an SSTP client receives a SSTP_MSG_CALL_CONNECT_ACK message (section 2.2.10).
ClientNonce: A 32-byte variable that the SSTP client uses to store the nonce that is received from the server in an SSTP_MSG_CALL_CONNECT_ACK message (section 2.2.10). This variable is to send the nonce value when an SSTP client generates an SSTP_MSG_CALL_CONNECTED message (section 2.2.11).
ClientVersion: A 1-byte variable that the SSTP client initializes with the supported version of this protocol. The format of this field is specified in the description of the Version field in section 2.2.1. The client sets this field to the value of the Version field in all SSTP messages that it sends, and the client validates the value of this field against the Version field in all SSTP messages that it receives.