SCHANNEL_CRED (Compact 2013)

3/28/2014

This structure contains the data for a Schannel credential.

Syntax

typedef struct _SCHANNEL_CRED {
  DWORD dwVersion;
  DWORD cCreds;
  PCCERT_CONTEXT* paCred;
  HCERTSTORE hRootStore;
  DWORD cMappers;
  struct _HMAPPER** aphMappers;
  DWORD cSupportedAlgs;
  ALG_ID* palgSupportedAlgs;
  DWORD grbitEnabledProtocols;
  DWORD dwMinimumCipherStrength;
  DWORD dwMaximumCipherStrength;
  DWORD dwSessionLifespan;
  DWORD dwFlags;
  DWORD reserved;
} SCHANNEL_CRED, *PSCHANNEL_CRED;

Members

  • dwVersion
    Set to SCHANNEL_CRED_VERSION, which indicates the version number.
  • cCreds
    Number of structures in the paCred array.
  • paCred
    Array of pointers to CERT_CONTEXT structures. Each pointer specifies a certificate that contains a private key to be used in authenticating the application. Typically, this array contains one structure for each key exchange method supported by the application.

    Client applications often pass in an empty list and either depend on Schannel to find an appropriate certificate or create a certificate later if needed.

  • hRootStore
    Optional. Valid for server applications only. Handle to a certificate store containing self-signed root certificates for certification authorities (CAs) trusted by the application. This member is used only by server-side applications requiring client authentication.
  • cMappers
    Reserved.
  • aphMappers
    Reserved.
  • cSupportedAlgs
    Number of algorithms in the palgSupportedAlgs array.
  • palgSupportedAlgs
    Optional. Pointer to an array of ALG_ID data types that represent the algorithms supported by connections made with credentials acquired using this structure. If cSupportedAlgs is zero or palgSupportedAlgs is NULL, Schannel uses the system defaults.
  • grbitEnabledProtocols
    Optional. DWORD that contains a bit string representing the protocols supported by connections made with credentials acquired using this structure. If this member is zero, Schannel selects the protocol. Transport Layer Security 1.0 should be chosen for new development.

    This member is used only by the Microsoft Unified Security Protocol Provider security package.

    The global system registry settings take precedence over this value. For example, if SSL3 is disabled in the registry, it cannot be enabled using this member.

    The following table shows the possible flags this member can contain.

    Value                  Description
    SP_PROT_TLS1_CLIENT    Transport Layer Security 1.0 client-side.
    SP_PROT_TLS1_SERVER    Transport Layer Security 1.0 server-side.
    SP_PROT_SSL3_CLIENT    Secure Sockets Layer 3.0 client-side.
    SP_PROT_SSL3_SERVER    Secure Sockets Layer 3.0 server-side.
    SP_PROT_SSL2_CLIENT    Secure Sockets Layer 2.0 client-side. Superseded by SP_PROT_TLS1_CLIENT.
    SP_PROT_SSL2_SERVER    Secure Sockets Layer 2.0 server-side. Superseded by SP_PROT_TLS1_SERVER.

  • dwMinimumCipherStrength
    Specifies the minimum bulk encryption cipher strength allowed for connections, in bits. If this member is zero, Schannel uses the system default. If this member is -1, the SSL3/TLS MAC-only cipher suites (also known as NULL cipher) are enabled.
  • dwMaximumCipherStrength
    Specifies the maximum bulk encryption cipher strength allowed for connections, in bits. If this member is zero, Schannel uses the system default.
  • dwSessionLifespan
    Specifies the maximum life span of credentials acquired using this structure.
  • dwFlags
    Contains bit flags that control the behavior of Schannel.

    Can be zero or a combination of the following values.

    Value                             Applies to                                  Description
    SCH_CRED_NO_SYSTEM_MAPPER         Windows 2000 server-side only               Prevents Schannel from using the built-in system certificate mapping functions to map client certificates to a Windows NT/2000 user account.
    SCH_CRED_NO_SERVERNAME_CHECK      Windows Embedded Compact client-side only   Prevents Schannel from comparing the supplied target name with the subject names in server certificates.
    SCH_CRED_MANUAL_CRED_VALIDATION   Windows Embedded Compact client-side only   Prevents Schannel from validating the received server certificate chain.
    SCH_CRED_NO_DEFAULT_CREDS         Windows Embedded Compact client-side only   Prevents Schannel from attempting to automatically supply a certificate chain for client authentication.
    SCH_CRED_AUTO_CRED_VALIDATION     Windows Embedded Compact client-side only   Acts as the opposite of SCH_CRED_MANUAL_CRED_VALIDATION and is part of the default behavior of Schannel.
    SCH_CRED_USE_DEFAULT_CREDS        Windows Embedded Compact client-side only   Attempts to automatically supply a certificate chain for client authentication. Opposite of SCH_CRED_NO_DEFAULT_CREDS.

  • reserved
    Reserved; set to 0 (zero).
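The grbitEnabledProtocols and dwFlags members above are where a client silently loses its protection: SCH_CRED_MANUAL_CRED_VALIDATION turns off chain validation, SCH_CRED_NO_SERVERNAME_CHECK turns off the target-name check, dwMinimumCipherStrength of -1 admits MAC-only suites, and the SSL2/SSL3 bits re-enable superseded protocols. The following is an added example, not code from this reference page or from Microsoft: it fills in a hardened TLS client SCHANNEL_CRED and audits any SCHANNEL_CRED for those weakening settings, returning the findings as a bitmask. On Windows it builds against schannel.h (schnlsp.h on Windows Embedded Compact); on other platforms the typedefs and constants are mirrored locally, and those mirrored values are an assumption of the example. The FINDING_* names and the three helper functions are this example's own, not part of the Schannel API.

```c
/* Added example: hardened SCHANNEL_CRED setup plus an audit of weakening
 * settings. Not code from the reference page; FINDING_* and the helpers
 * are example-specific. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#include <schannel.h>   /* schnlsp.h on Windows Embedded Compact */
#else
/* Non-Windows build: local mirror of the Windows typedefs and constants
 * (assumed to match schannel.h) so the audit logic can be built offline. */
typedef uint32_t DWORD;
typedef unsigned int ALG_ID;
typedef const void *PCCERT_CONTEXT;
typedef void *HCERTSTORE;
typedef struct _SCHANNEL_CRED {
    DWORD dwVersion;
    DWORD cCreds;
    PCCERT_CONTEXT *paCred;
    HCERTSTORE hRootStore;
    DWORD cMappers;
    struct _HMAPPER **aphMappers;
    DWORD cSupportedAlgs;
    ALG_ID *palgSupportedAlgs;
    DWORD grbitEnabledProtocols;
    DWORD dwMinimumCipherStrength;
    DWORD dwMaximumCipherStrength;
    DWORD dwSessionLifespan;
    DWORD dwFlags;
    DWORD reserved;
} SCHANNEL_CRED, *PSCHANNEL_CRED;
#define SCHANNEL_CRED_VERSION            0x00000004
#define SP_PROT_SSL2_SERVER              0x00000004
#define SP_PROT_SSL2_CLIENT              0x00000008
#define SP_PROT_SSL3_SERVER              0x00000010
#define SP_PROT_SSL3_CLIENT              0x00000020
#define SP_PROT_TLS1_SERVER              0x00000040
#define SP_PROT_TLS1_CLIENT              0x00000080
#define SCH_CRED_NO_SERVERNAME_CHECK     0x00000004
#define SCH_CRED_MANUAL_CRED_VALIDATION  0x00000008
#define SCH_CRED_NO_DEFAULT_CREDS        0x00000010
#define SCH_CRED_AUTO_CRED_VALIDATION    0x00000020
#define SCH_CRED_USE_DEFAULT_CREDS       0x00000040
#endif

/* Example-specific audit findings, combined into a bitmask. */
enum cred_finding {
    FINDING_BAD_VERSION         = 1u << 0, /* dwVersion != SCHANNEL_CRED_VERSION */
    FINDING_MANUAL_VALIDATION   = 1u << 1, /* server chain not validated by Schannel */
    FINDING_NO_SERVERNAME_CHECK = 1u << 2, /* target name not matched to certificate */
    FINDING_LEGACY_PROTOCOL     = 1u << 3, /* SSL 2.0 or SSL 3.0 enabled */
    FINDING_NULL_CIPHER         = 1u << 4, /* dwMinimumCipherStrength == -1 */
    FINDING_CONFLICTING_FLAGS   = 1u << 5  /* both halves of an opposite pair set */
};

/* Inspect a credential and return the set of findings (0 means clean). */
unsigned audit_schannel_cred(const SCHANNEL_CRED *c)
{
    const DWORD legacy = SP_PROT_SSL2_CLIENT | SP_PROT_SSL2_SERVER |
                         SP_PROT_SSL3_CLIENT | SP_PROT_SSL3_SERVER;
    unsigned f = 0;
    if (c->dwVersion != SCHANNEL_CRED_VERSION)        f |= FINDING_BAD_VERSION;
    if (c->dwFlags & SCH_CRED_MANUAL_CRED_VALIDATION) f |= FINDING_MANUAL_VALIDATION;
    if (c->dwFlags & SCH_CRED_NO_SERVERNAME_CHECK)    f |= FINDING_NO_SERVERNAME_CHECK;
    if (c->grbitEnabledProtocols & legacy)            f |= FINDING_LEGACY_PROTOCOL;
    if (c->dwMinimumCipherStrength == (DWORD)-1)      f |= FINDING_NULL_CIPHER;
    if ((c->dwFlags & SCH_CRED_MANUAL_CRED_VALIDATION) &&
        (c->dwFlags & SCH_CRED_AUTO_CRED_VALIDATION)) f |= FINDING_CONFLICTING_FLAGS;
    if ((c->dwFlags & SCH_CRED_NO_DEFAULT_CREDS) &&
        (c->dwFlags & SCH_CRED_USE_DEFAULT_CREDS))    f |= FINDING_CONFLICTING_FLAGS;
    return f;
}

/* Hardened client credential: TLS 1.0 only, Schannel validates the chain and
 * target name, no client certificate is supplied automatically, and paCred is
 * left empty so Schannel picks a certificate only if the server asks. */
void init_tls_client_cred(SCHANNEL_CRED *c)
{
    memset(c, 0, sizeof *c);
    c->dwVersion = SCHANNEL_CRED_VERSION;
    c->grbitEnabledProtocols = SP_PROT_TLS1_CLIENT;
    c->dwFlags = SCH_CRED_AUTO_CRED_VALIDATION | SCH_CRED_NO_DEFAULT_CREDS;
}

/* Constructed misconfiguration (not from the page), used to exercise the audit. */
void init_constructed_weak_cred(SCHANNEL_CRED *c)
{
    memset(c, 0, sizeof *c);
    c->dwVersion = SCHANNEL_CRED_VERSION;
    c->grbitEnabledProtocols = SP_PROT_TLS1_CLIENT | SP_PROT_SSL2_CLIENT;
    c->dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION | SCH_CRED_NO_SERVERNAME_CHECK;
    c->dwMinimumCipherStrength = (DWORD)-1;
}

int main(void)
{
    SCHANNEL_CRED good, weak;
    init_tls_client_cred(&good);
    init_constructed_weak_cred(&weak);
    printf("hardened cred findings: 0x%02x\n", audit_schannel_cred(&good));
    printf("weak cred findings:     0x%02x\n", audit_schannel_cred(&weak));
    return 0;
}
```

Run the audit on every SCHANNEL_CRED just before it is passed to AcquireCredentialsHandle, and treat any non-zero result as a build or code-review failure; a client that sets SCH_CRED_MANUAL_CRED_VALIDATION must then show where it validates the chain itself.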

Requirements

Header

schnlsp.h

See Also

Reference

Authentication Services Structures
ALG_ID
CERT_CONTEXT