2.2.62 FW_AUTH_SUITE2_10

This structure describes an IPsec authentication suite. An authentication suite is a proposal of a set of algorithms and parameters that specify the authentication method to be used. It also includes some modifiers and parameters for the authentication method.

 typedef struct _tag_FW_AUTH_SUITE2_10 {
   [range(FW_AUTH_METHOD_INVALID+1, FW_AUTH_METHOD_MAX)]
     FW_AUTH_METHOD Method;
   unsigned short wFlags;
   [switch_type(FW_AUTH_METHOD), switch_is(Method)]
     union {
       [case(FW_AUTH_METHOD_MACHINE_CERT,FW_AUTH_METHOD_USER_CERT)]
         struct {
           [ref, string] wchar_t* wszCAName;
         };
       [case(FW_AUTH_METHOD_MACHINE_SHKEY)]
         struct {
           [ref, string] wchar_t* wszSHKey;
         };
       [default]       ;
     };
 } FW_AUTH_SUITE2_10,
  *PFW_AUTH_SUITE2_10;

Method: This field is of type FW_AUTH_METHOD. It specifies the authentication method that is suggested by this proposal suite.

wFlags: This field is a combination of flags from FW_AUTH_SUITE_FLAGS.

wszCAName: A pointer to a Unicode string. This string represents the name of the certificate authority to be used to authenticate when using machine or user certificate methods.

wszSHKey: A pointer to a Unicode string. This string is the secret that was previously shared manually and that is used to authenticate when using preshared key methods.

If the method is machine certificate or user certificate, the wszCAName string MUST NOT be NULL, MUST be at least 1 character long, MUST NOT be greater than or equal to 10,000 characters, MUST NOT contain the pipe (|) character, and MUST be a CERT_X500_NAME_STR string type name encoded with X509_ASN_ENCODING. If the method is SHKEY, the wszSHKey string MUST NOT be NULL, MUST be at least 1 character long, MUST NOT be greater than or equal to 10,000 characters, and MUST NOT contain the pipe (|) character.
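The string constraints above, written as a receiver-side check. This is an added example, not code from the specification: the function names, status codes and SUITE_STR_LIMIT are hypothetical, the enumeration's numeric values are placeholders, and the CERT_X500_NAME_STR well-formedness requirement for wszCAName is not checked.

```c
#include <stddef.h>
#include <wchar.h>

/* Names come from the IDL above; the numeric values are placeholders for this
   example, not the values assigned by the real FW_AUTH_METHOD enumeration. */
typedef enum { FW_AUTH_METHOD_INVALID = 0, FW_AUTH_METHOD_MACHINE_SHKEY,
               FW_AUTH_METHOD_MACHINE_CERT, FW_AUTH_METHOD_USER_CERT,
               FW_AUTH_METHOD_MAX } FW_AUTH_METHOD;

#define SUITE_STR_LIMIT 10000   /* string length must stay below this */

typedef enum { SUITE_OK = 0, SUITE_BAD_METHOD, SUITE_NULL_STRING,
               SUITE_EMPTY_STRING, SUITE_TOO_LONG, SUITE_HAS_PIPE } suite_status;

/* Bounded scan: reads at most SUITE_STR_LIMIT characters, so an oversized or
   unterminated buffer is rejected instead of being walked to its end. */
static suite_status check_suite_string(const wchar_t *s)
{
    size_t i;
    if (s == NULL) return SUITE_NULL_STRING;
    if (s[0] == L'\0') return SUITE_EMPTY_STRING;
    for (i = 0; i < SUITE_STR_LIMIT; i++) {
        if (s[i] == L'\0') return SUITE_OK;       /* length i, 1..9999 */
        if (s[i] == L'|') return SUITE_HAS_PIPE;
    }
    return SUITE_TOO_LONG;                        /* length >= 10,000 */
}

/* str is wszCAName for the certificate methods and wszSHKey for SHKEY;
   every other method selects the empty [default] arm and carries no string. */
suite_status validate_auth_suite(FW_AUTH_METHOD method, const wchar_t *str)
{
    if (method <= FW_AUTH_METHOD_INVALID || method > FW_AUTH_METHOD_MAX)
        return SUITE_BAD_METHOD;                  /* [range] bounds are inclusive */
    switch (method) {
    case FW_AUTH_METHOD_MACHINE_CERT:
    case FW_AUTH_METHOD_USER_CERT:
    case FW_AUTH_METHOD_MACHINE_SHKEY:
        /* same length and pipe rules apply to both string arms */
        return check_suite_string(str);
    default:
        return SUITE_OK;
    }
}
```
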