SCHANNEL_CRED (Windows CE 5.0)

This structure contains the data for an Schannel credential.

typedef struct _SCHANNEL_CRED {
  DWORD dwVersion;
  DWORD cCreds;
  PCCERT_CONTEXT* paCred;
  HCERTSTORE hRootStore;
  DWORD cMappers;
  struct _HMAPPER** aphMappers;
  DWORD cSupportedAlgs;
  ALG_ID* palgSupportedAlgs;
  DWORD grbitEnabledProtocols;
  DWORD dwMinimumCipherStrength;
  DWORD dwMaximumCipherStrength;
  DWORD dwSessionLifespan;
  DWORD dwFlags;
  DWORD reserved;
} SCHANNEL_CRED, *PSCHANNEL_CRED;

Members

  • dwVersion
    Set to SCHANNEL_CRED_VERSION, which indicates the version number.

  • cCreds
    Number of structures in the paCred array.

  • paCred
    Array of pointers to CERT_CONTEXT structures. Each pointer specifies a certificate that contains a private key to be used in authenticating the application. Typically, this array contains one structure for each key exchange method supported by the application.

    Client applications often pass in an empty list and either depend on Schannel to find an appropriate certificate or create a certificate later if needed.

  • hRootStore
    Optional. Valid for server applications only. Handle to a certificate store containing self-signed root certificates for certification authorities (CAs) trusted by the application. This member is used only by server-side applications requiring client authentication.

  • cMappers
    Reserved.

  • aphMappers
    Reserved.

  • cSupportedAlgs
    Number of algorithms in the palgSupportedAlgs array.

  • palgSupportedAlgs
    Optional. Pointer to an array of ALG_ID data types that represent the algorithms supported by connections made with credentials acquired using this structure. If cSupportedAlgs is zero or palgSupportedAlgs is NULL, Schannel uses the system defaults.

  • grbitEnabledProtocols
    Optional. DWORD that contains a bit string representing the protocols supported by connections made with credentials acquired using this structure. If this member is zero, Schannel selects the protocol. Transport Layer Security 1.0 should be chosen for new development.

    This member is used only by the Microsoft Unified Security Protocol Provider security package.

    The global system registry settings take precedence over this value. For example, if SSL3 is disabled in the registry, it cannot be enabled using this member.

    The following table shows the possible flags this member can contain.

    Value                  Description
    SP_PROT_TLS1_CLIENT    Transport Layer Security 1.0 client-side.
    SP_PROT_TLS1_SERVER    Transport Layer Security 1.0 server-side.
    SP_PROT_SSL3_CLIENT    Secure Sockets Layer 3.0 client-side.
    SP_PROT_SSL3_SERVER    Secure Sockets Layer 3.0 server-side.
    SP_PROT_SSL2_CLIENT    Secure Sockets Layer 2.0 client-side. Superseded by SP_PROT_TLS1_CLIENT.
    SP_PROT_SSL2_SERVER    Secure Sockets Layer 2.0 server-side. Superseded by SP_PROT_TLS1_SERVER.

  • dwMinimumCipherStrength
    Specifies the minimum bulk encryption cipher strength allowed for connections, in bits. If this member is zero, Schannel uses the system default. If this member is -1, the SSL3/TLS MAC-only cipher suites (also known as NULL cipher) are enabled.

  • dwMaximumCipherStrength
    Specifies the maximum bulk encryption cipher strength allowed for connections, in bits. If this member is zero, Schannel uses the system default.

  • dwSessionLifespan
    Specifies the maximum life span of credentials acquired using this structure.

  • dwFlags
    Contains bit flags that control the behavior of Schannel.

    Can be zero or a combination of the following values.

    Value                              Description
    SCH_CRED_NO_SYSTEM_MAPPER          Windows 2000 server-side only. Prevents Schannel from using the built-in system certificate mapping functions to map client certificates to a Windows NT/2000 user account.
    SCH_CRED_NO_SERVERNAME_CHECK       Windows CE client-side only. Prevents Schannel from comparing the supplied target name with the subject names in server certificates.
    SCH_CRED_MANUAL_CRED_VALIDATION    Windows CE client-side only. Prevents Schannel from validating the received server certificate chain.
    SCH_CRED_NO_DEFAULT_CREDS          Windows CE client-side only. Prevents Schannel from attempting to automatically supply a certificate chain for client authentication.
    SCH_CRED_AUTO_CRED_VALIDATION      Windows CE client-side only. Acts as the opposite of SCH_CRED_MANUAL_CRED_VALIDATION and is part of the default behavior of Schannel.
    SCH_CRED_USE_DEFAULT_CREDS         Windows CE client-side only. Attempts to automatically supply a certificate chain for client authentication. Opposite of SCH_CRED_NO_DEFAULT_CREDS.

  • reserved
    Reserved. Must be zero.
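
The following C function is an added example, not code from the original page or from Microsoft. It audits the grbitEnabledProtocols, dwMinimumCipherStrength and dwFlags values destined for a SCHANNEL_CRED and reports the settings that, per the member descriptions above, weaken protocol choice, cipher strength or server certificate checking. The function name, the F_* finding bits and the fallback constant values (taken from the desktop schannel.h) are assumptions.

```c
#include <stdio.h>
/* On the target, include <windows.h> and <schnlsp.h> first. Fallback values are
   assumed from the desktop schannel.h so the check also builds off-target. */
#ifndef SP_PROT_TLS1_CLIENT
typedef unsigned int DWORD;
#define SP_PROT_SSL2_SERVER 0x00000004
#define SP_PROT_SSL2_CLIENT 0x00000008
#define SP_PROT_SSL3_SERVER 0x00000010
#define SP_PROT_SSL3_CLIENT 0x00000020
#define SP_PROT_TLS1_SERVER 0x00000040
#define SP_PROT_TLS1_CLIENT 0x00000080
#define SCH_CRED_NO_SERVERNAME_CHECK    0x00000004
#define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008
#define SCH_CRED_AUTO_CRED_VALIDATION   0x00000020
#endif

enum {  /* hypothetical finding bits returned by audit_schannel_cred() */
    F_PROTO_UNPINNED  = 1 << 0,  /* grbitEnabledProtocols == 0: Schannel selects */
    F_LEGACY_SSL      = 1 << 1,  /* an SSL 2.0 or SSL 3.0 bit is enabled */
    F_NULL_CIPHER     = 1 << 2,  /* dwMinimumCipherStrength == -1: MAC-only suites */
    F_NO_NAME_CHECK   = 1 << 3,  /* target name not compared with certificate */
    F_MANUAL_VALIDATE = 1 << 4,  /* chain validation left to the application */
    F_FLAG_CONFLICT   = 1 << 5   /* MANUAL and AUTO validation both requested */
};

/* Audits the members that decide protocol, cipher floor and certificate
   checking; returns a bitmask of findings, 0 when nothing is flagged. */
unsigned audit_schannel_cred(DWORD grbitEnabledProtocols,
                             DWORD dwMinimumCipherStrength, DWORD dwFlags)
{
    const DWORD legacy = SP_PROT_SSL2_CLIENT | SP_PROT_SSL2_SERVER |
                         SP_PROT_SSL3_CLIENT | SP_PROT_SSL3_SERVER;
    unsigned f = 0;
    if (grbitEnabledProtocols == 0)                f |= F_PROTO_UNPINNED;
    if (grbitEnabledProtocols & legacy)            f |= F_LEGACY_SSL;
    if (dwMinimumCipherStrength == (DWORD)-1)      f |= F_NULL_CIPHER;
    if (dwFlags & SCH_CRED_NO_SERVERNAME_CHECK)    f |= F_NO_NAME_CHECK;
    if (dwFlags & SCH_CRED_MANUAL_CRED_VALIDATION) f |= F_MANUAL_VALIDATE;
    if ((f & F_MANUAL_VALIDATE) && (dwFlags & SCH_CRED_AUTO_CRED_VALIDATION)) f |= F_FLAG_CONFLICT;
    return f;
}

int main(void)
{
    /* Constructed sample: SSL3 + TLS1 client, NULL cipher, name check disabled. */
    unsigned f = audit_schannel_cred(SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_CLIENT,
                                     (DWORD)-1, SCH_CRED_NO_SERVERNAME_CHECK);
    printf("findings: 0x%02x\n", f);
    return f != 0;
}
```

Because the registry settings take precedence over grbitEnabledProtocols, a clean result here describes only what the application requested, not what the system will negotiate.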

Requirements

OS Versions: Windows CE .NET 4.2 and later.
Header: Schnlsp.h.

See Also

ALG_ID | CERT_CONTEXT

© 2006 Microsoft Corporation. All rights reserved.