3.1.5.4 Receiving Data in the WaitingForHandshakeDone State

The first five bytes received MUST be interpreted as the header of a Handshake message (as specified in section 2.2). The payload size MUST be reassembled from the HighByteOfPayloadSize and LowByteOfPayloadSize fields. The MajorVersion and MinorVersion MUST be ignored. The implementation MUST continue to receive data from the Underlying TCP Connection (storing it in the Framing Buffer) until the entire payload has been received. If the message has a HandshakeId of HandshakeDone, the AuthPayload field MUST be ignored. The Stream State MUST be set to Authenticated, and the client application MUST be notified of a successful authentication.

If the message has a HandshakeId of HandshakeError, the Security Provider Context MUST be deleted, the Underlying TCP Connection MUST be closed, and the Stream State MUST be set to Closed. The application MUST be notified of the HRESULT contained in the AuthPayload field. (If the application wishes to retry the authentication, it can do so by invoking a new instance of the protocol with a new Underlying TCP Connection.)

If the message has any other HandshakeId (including HandshakeInProgress), the message type is invalid. The Security Provider Context MUST be deleted, the Underlying TCP Connection MUST be closed, and the Stream State MUST be set to Closed. The application MUST be notified of the failure. (If the application wishes to retry the authentication, it can do so by invoking a new instance of the protocol with a new Underlying TCP Connection.)
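The receive rules of this section as a small state handler, added here as an illustration and not taken from the specification or any implementation. It returns nothing until the full payload is buffered and fails closed on every HandshakeId other than HandshakeDone. Assumptions: the numeric HandshakeId values and the header field order come from section 2.2, which is not reproduced on this page, and the `Outcome` type and function name are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed wire values and header order from section 2.2 (not shown on this page).
HANDSHAKE_DONE, HANDSHAKE_ERROR, HANDSHAKE_IN_PROGRESS = 0x14, 0x15, 0x16
HEADER_LEN = 5  # HandshakeId, MajorVersion, MinorVersion, HighByte, LowByte


@dataclass
class Outcome:  # hypothetical result type for this example
    stream_state: str           # "Authenticated" or "Closed"
    close_tcp: bool             # Underlying TCP Connection must be closed
    delete_context: bool        # Security Provider Context must be deleted
    notify: str                 # what the client application is told
    error_payload: bytes = b""  # raw AuthPayload carrying the HRESULT (HandshakeError only)
    consumed: int = 0           # bytes of the Framing Buffer used by this message


def on_data_waiting_for_handshake_done(framing_buffer: bytes) -> Optional[Outcome]:
    """Return None until the whole message is buffered, then the required transition."""
    if len(framing_buffer) < HEADER_LEN:
        return None
    # MajorVersion and MinorVersion are read past and deliberately ignored.
    handshake_id, _major, _minor, high, low = framing_buffer[:HEADER_LEN]
    payload_size = (high << 8) | low
    total = HEADER_LEN + payload_size
    if len(framing_buffer) < total:
        return None  # keep receiving; no state change on a partial message
    payload = framing_buffer[HEADER_LEN:total]

    if handshake_id == HANDSHAKE_DONE:
        # AuthPayload is ignored, but its bytes are still consumed from the buffer.
        return Outcome("Authenticated", False, False, "authentication succeeded",
                       consumed=total)
    if handshake_id == HANDSHAKE_ERROR:
        # The payload is handed to the application undecoded.
        return Outcome("Closed", True, True, "authentication failed (HRESULT)",
                       payload, total)
    # Anything else, HandshakeInProgress included, is invalid in this state.
    return Outcome("Closed", True, True, "invalid message type", consumed=total)
```
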