The QUERYCLIENTCERT function is a client-side function that allows the server to request a certificate from the client when establishing a Secure Sockets Layer (SSL) connection.
BOOLEAN QUERYCLIENTCERT(
    PLDAP Connection,
    PSecPkgContext_IssuerListInfoEx trusted_CAs,
    PCCERT_CONTEXT* ppCertificate
);
Implement a function with this signature in your client application, then call ldap_set_option(conn, LDAP_OPT_CLIENT_CERTIFICATE, &CertRoutine), where CertRoutine is the address of your callback routine.
When the server demands a client certificate for authorization, the LDAP run time calls QUERYCLIENTCERT and passes it a structure containing the list of Certificate Authorities the server trusts. The client application must examine this list and supply a client certificate issued by one of those CAs. The run time then passes these credentials back to the SSL server as part of the handshake. If the client application wants anonymous credentials to be used instead, it should return FALSE rather than supplying a certificate.
Note: The application must perform an external bind after establishing the connection in order for the server to use the supplied client credentials.
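The callback and selection logic described above, as an added example that is not part of the original page: the server's trusted-CA list is matched byte-for-byte against each candidate certificate's DER-encoded Issuer, and the first match from the current user's MY store is returned (the store choice, the callback name QueryClientCert and the non-Windows stand-in types are assumptions so the matching core compiles and runs anywhere).

```c
/* Added example, not from the original page: pick a client certificate whose
   issuer is one of the CAs the server announced in trusted_CAs. On Windows the
   real Winldap.h/Schannel.h types are used; elsewhere stand-ins (assumption)
   mirror CERT_NAME_BLOB and SecPkgContext_IssuerListInfoEx for testing. */
#include <string.h>
#ifdef _WIN32
#  include <windows.h>
#  include <winldap.h>
#  include <wincrypt.h>
#  include <schannel.h>
#else
typedef struct { unsigned long cbData; unsigned char *pbData; } CERT_NAME_BLOB;
typedef struct { CERT_NAME_BLOB *aIssuers; unsigned long cIssuers; }
    SecPkgContext_IssuerListInfoEx, *PSecPkgContext_IssuerListInfoEx;
#endif

/* Index of the first trusted CA whose DER-encoded name equals the candidate
   certificate's DER-encoded Issuer, or -1. Both are DER, so a byte compare is
   exact, and a length mismatch never matches. */
int find_trusted_issuer(const SecPkgContext_IssuerListInfoEx *trusted_CAs,
                        const unsigned char *issuer_der, unsigned long issuer_len)
{
    for (unsigned long i = 0; i < trusted_CAs->cIssuers; i++) {
        const CERT_NAME_BLOB *ca = &trusted_CAs->aIssuers[i];
        if (ca->cbData == issuer_len && memcmp(ca->pbData, issuer_der, issuer_len) == 0)
            return (int)i;
    }
    return -1;
}
#ifdef _WIN32
/* Callback registered with ldap_set_option(conn, LDAP_OPT_CLIENT_CERTIFICATE, &QueryClientCert).
   Scans the user's MY store; returns FALSE (anonymous credentials) when nothing matches. */
BOOLEAN QueryClientCert(PLDAP Connection, PSecPkgContext_IssuerListInfoEx trusted_CAs,
                        PCCERT_CONTEXT *ppCertificate)
{
    HCERTSTORE store = CertOpenSystemStoreW(0, L"MY");
    if (!store) return FALSE;
    PCCERT_CONTEXT cert = NULL;
    while ((cert = CertEnumCertificatesInStore(store, cert)) != NULL) {
        if (find_trusted_issuer(trusted_CAs, cert->pCertInfo->Issuer.pbData,
                                cert->pCertInfo->Issuer.cbData) >= 0) {
            *ppCertificate = CertDuplicateCertificateContext(cert); /* copy for the run time */
            CertFreeCertificateContext(cert);                        /* release enumerator ref */
            CertCloseStore(store, 0);
            return TRUE;
        }
    }
    CertCloseStore(store, 0);
    return FALSE;
}
#endif
```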
Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Winldap.h.
See also: CERT_CONTEXT, Functions, ldap_set_option