Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
4/8/2010

This structure contains the data for an Schannel credential.

Syntax

typedef struct _SCHANNEL_CRED {
  DWORD dwVersion;
  DWORD cCreds;
  PCCERT_CONTEXT* paCred;
  HCERTSTORE hRootStore;
  DWORD cMappers;
  struct _HMAPPER** aphMappers;
  DWORD cSupportedAlgs;
  ALG_ID* palgSupportedAlgs;
  DWORD grbitEnabledProtocols;
  DWORD dwMinimumCipherStrength;
  DWORD dwMaximumCipherStrength;
  DWORD dwSessionLifespan;
  DWORD dwFlags;
  DWORD reserved;
} SCHANNEL_CRED, *PSCHANNEL_CRED;

Members

dwVersion

Set to SCHANNEL_CRED_VERSION, which indicates the version number.

cCreds

Number of structures in the paCred array.

paCred

Array of pointers to CERT_CONTEXT structures. Each pointer specifies a certificate that contains a private key to be used in authenticating the application. Typically, this array contains one structure for each key exchange method supported by the application.

Client applications often pass in an empty list and either depend on Schannel to find an appropriate certificate or create a certificate later if needed.

hRootStore

Optional. Valid for server applications only. Handle to a certificate store containing self-signed root certificates for certification authorities (CAs) trusted by the application. This member is used only by server-side applications requiring client authentication.

cMappers

Reserved.

aphMappers

Reserved.

cSupportedAlgs

Number of algorithms in the palgSupportedAlgs array.

palgSupportedAlgs

Optional. Pointer to an array of ALG_ID data types that represent the algorithms supported by connections made with credentials acquired using this structure. If cSupportedAlgs is zero or palgSupportedAlgs is NULL, Schannel uses the system defaults.

grbitEnabledProtocols

Optional. DWORD that contains a bit string representing the protocols supported by connections made with credentials acquired using this structure. If this member is zero, Schannel selects the protocol. Transport Layer Security 1.0 should be chosen for new development.

This member is used only by the Microsoft Unified Security Protocol Provider security package.

The global system registry settings take precedence over this value. For example, if SSL3 is disabled in the registry, it cannot be enabled using this member.

The following table shows the possible flags this member can contain.

| Value | Description |
|---|---|
| SP_PROT_TLS1_CLIENT | Transport Layer Security 1.0 client-side. |
| SP_PROT_TLS1_SERVER | Transport Layer Security 1.0 server-side. |
| SP_PROT_SSL3_CLIENT | Secure Sockets Layer 3.0 client-side. |
| SP_PROT_SSL3_SERVER | Secure Sockets Layer 3.0 server-side. |
| SP_PROT_SSL2_CLIENT | Secure Sockets Layer 2.0 client-side. Superseded by SP_PROT_TLS1_CLIENT. |
| SP_PROT_SSL2_SERVER | Secure Sockets Layer 2.0 server-side. Superseded by SP_PROT_TLS1_SERVER. |

dwMinimumCipherStrength

Specifies the minimum bulk encryption cipher strength allowed for connections, in bits. If this member is zero, Schannel uses the system default. If this member is -1, the SSL3/TLS MAC-only cipher suites (also known as NULL cipher) are enabled.

dwMaximumCipherStrength

Specifies the maximum bulk encryption cipher strength allowed for connections, in bits. If this member is zero, Schannel uses the system default.

dwSessionLifespan

Specifies the maximum life span of credentials acquired using this structure.

dwFlags

Contains bit flags that control the behavior of Schannel.

Can be zero or a combination of the following values.

| Value | Description |
|---|---|
| SCH_CRED_NO_SYSTEM_MAPPER | Server-side only. Prevents Schannel from using the built-in system certificate mapping functions to map client certificates to a Windows NT/2000 user account. |
| SCH_CRED_NO_SERVERNAME_CHECK | Client-side only. Prevents Schannel from comparing the supplied target name with the subject names in server certificates. |
| SCH_CRED_MANUAL_CRED_VALIDATION | Client-side only. Prevents Schannel from validating the received server certificate chain. |
| SCH_CRED_NO_DEFAULT_CREDS | Client-side only. Prevents Schannel from attempting to automatically supply a certificate chain for client authentication. |
| SCH_CRED_AUTO_CRED_VALIDATION | Client-side only. Acts as the opposite of SCH_CRED_MANUAL_CRED_VALIDATION and is part of the default behavior of Schannel. |
| SCH_CRED_USE_DEFAULT_CREDS | Client-side only. Attempts to automatically supply a certificate chain for client authentication. Opposite of SCH_CRED_NO_DEFAULT_CREDS. |

reserved

Reserved. Must be zero.
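The member descriptions above imply several settings worth checking before a filled-in SCHANNEL_CRED is used to acquire credentials. The following is an added example, not part of the original reference: audit_schannel_cred and the F_* finding bits are hypothetical names, and the numeric flag values are those of the Windows SDK schannel.h, assumed to match schnlsp.h on the target platform.

```c
#include <stdint.h>

/* Flag values as in the Windows SDK schannel.h (assumed to match schnlsp.h).
   Guarded so the real header's definitions win when it is included first. */
#ifndef SP_PROT_TLS1_CLIENT
#define SP_PROT_SSL2_SERVER             0x00000004
#define SP_PROT_SSL2_CLIENT             0x00000008
#define SP_PROT_SSL3_SERVER             0x00000010
#define SP_PROT_SSL3_CLIENT             0x00000020
#define SP_PROT_TLS1_SERVER             0x00000040
#define SP_PROT_TLS1_CLIENT             0x00000080
#define SCH_CRED_NO_SERVERNAME_CHECK    0x00000004
#define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008
#define SCH_CRED_NO_DEFAULT_CREDS       0x00000010
#define SCH_CRED_AUTO_CRED_VALIDATION   0x00000020
#define SCH_CRED_USE_DEFAULT_CREDS      0x00000040
#endif

/* Hypothetical finding bits returned by audit_schannel_cred(). */
enum {
    F_PROTO_UNPINNED    = 1 << 0, /* grbitEnabledProtocols == 0: Schannel selects */
    F_SSL2_OR_SSL3      = 1 << 1, /* a protocol other than TLS 1.0 is enabled */
    F_NULL_CIPHER       = 1 << 2, /* dwMinimumCipherStrength == -1: MAC-only suites */
    F_STRENGTH_RANGE    = 1 << 3, /* minimum exceeds a non-default maximum */
    F_NO_NAME_CHECK     = 1 << 4, /* target name not compared with the certificate */
    F_NO_CHAIN_CHECK    = 1 << 5, /* Schannel will not validate the server chain */
    F_CONFLICTING_FLAGS = 1 << 6  /* a flag is set together with its opposite */
};

/* Pass grbitEnabledProtocols, dwMinimumCipherStrength,
   dwMaximumCipherStrength and dwFlags from the structure. */
unsigned audit_schannel_cred(uint32_t protocols, uint32_t min_bits,
                             uint32_t max_bits, uint32_t flags)
{
    unsigned f = 0;
    if (protocols == 0) f |= F_PROTO_UNPINNED;
    if (protocols & (SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT |
                     SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT))
        f |= F_SSL2_OR_SSL3;
    if (min_bits == 0xFFFFFFFFu) f |= F_NULL_CIPHER;
    else if (max_bits != 0 && min_bits > max_bits) f |= F_STRENGTH_RANGE;
    if (flags & SCH_CRED_NO_SERVERNAME_CHECK) f |= F_NO_NAME_CHECK;
    if (flags & SCH_CRED_MANUAL_CRED_VALIDATION) f |= F_NO_CHAIN_CHECK;
    if (((flags & SCH_CRED_MANUAL_CRED_VALIDATION) && (flags & SCH_CRED_AUTO_CRED_VALIDATION)) ||
        ((flags & SCH_CRED_NO_DEFAULT_CREDS) && (flags & SCH_CRED_USE_DEFAULT_CREDS)))
        f |= F_CONFLICTING_FLAGS;
    return f;
}
```

A result of zero means none of these conditions was found. F_NO_CHAIN_CHECK is not necessarily an error, but it means the application must validate the server certificate chain itself.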

Requirements

Header: schnlsp.h
Windows Embedded CE: Windows CE .NET 4.2 and later
Windows Mobile: Windows Mobile Version 5.0 and later

See Also

Reference

ALG_ID
CERT_CONTEXT