Compartir a través de


2.2.3.1.2.1 PEAP_TLS_PHASE1_CONN_PROPERTIES

This data structure specifies the configuration for Microsoft implementation of PEAP Specification Phase 1 on the client. The fields are as follows.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Version

Size

Flags

NumberOfCAs

TrustedCertHashInfoList (variable)

...

ServerName (variable)

...

Version (4 bytes): A 4-byte unsigned integer set to 1.

Size (4 bytes): A 4-byte unsigned integer set to the total size of PEAP_TLS_PHASE1_CONN_PROPERTIES data structure in bytes.

Flags (4 bytes): A 4-byte unsigned integer that indicates the properties for PEAP Phase 1 configuration by setting the following bit values.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

C

0

0

B

A

0

Where the bits are defined as:

Value

Description

A

PeapTlsPhase1NoValidateServerCert: If set to 1, the client disables validation of the computer certificate of the authenticating server.

B

PeapTlsPhase1NoValidateName: If set to 1, the client disables matching of the name of the authenticating server as described in the ServerNames field.

C

PeapTlsPhase1DisablePromptValidation: If set to 1, the client does not prompt the user during the process of validating the certificate of the authenticating server. <24>

Other bits are not defined and are ignored by the client.

NumberOfCAs (4 bytes): A 4-byte unsigned integer that is set to the number of trusted root CAs being indicated.

TrustedCertHashInfoList (variable): An optional field that is present if and only if NumberOfCAs field is nonzero. TrustedCertHashInfoList contains a list of NumberOfCAs TrustedCertHashInfo structures for different trusted root certification authorities. The client trusts any root certification authority indicated in the list of TrustedCertHashInfo structures in this field to accept a certificate of the authenticating server.

ServerName (variable): A null-terminated string of Unicode characters indicating a name of an authenticating server that the client can authenticate to without additional user-consent. This can be a regular expression (as described in [ECMA-262], section 7.8.5). This field is ignored by the client if PeapTlsPhase1NoValidateServerCert or PeapTlsPhase1NoValidateName is set to 1.<25>