

QUERYCLIENTCERT (Compact 2013)

3/26/2014

This callback function is an application-defined function. It is a client-side function that allows the server to request a certificate from the client when establishing a Secure Sockets Layer (SSL) connection. The QUERYCLIENTCERT name for this function is a placeholder for the function name defined by the application.

Syntax

BOOLEAN QUERYCLIENTCERT(
  PLDAP Connection,
  PSecPkgContext_IssuerListInfoEx trusted_CAs,
  HCERTSTORE hCertStore,
  DWORD* pcCreds
);

Parameters

  • Connection
    [in] Session handle.
  • trusted_CAs
    [in] List of server-trusted certification authorities.
  • hCertStore
    [in, out] Upon receiving the callback, the server converts the client certificates to CERT_CONTEXTs, adds them to a given CertStore handle along with the client credentials (pcCreds), and returns a value of TRUE. If the server is not willing to pass in a client certificate, a value of FALSE is returned.
  • pcCreds
    [in, out] Client credentials.

Return Value

The return values are user-defined.

Remarks

Implement this function in your client application with the signature described above. Then call ldap_set_option(conn, LDAP_OPT_CLIENT_CERTIFICATE, &CertRoutine), where CertRoutine is the address of your callback routine.

When the server demands a client certificate for authorization, it will call this callback function. The LDAP run time passes a structure containing a list of server-trusted certification authorities. If the user can successfully provide the server with a certificate issued by any of these certification authorities, the run time allocates an array of one or more CERT_CONTEXT structures, fills in the certificates, and passes back a pointer to the structure. The run time will subsequently pass these credentials to the SSL server as part of the handshake.
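One way to write such a callback, as an added example (not from the original page or from Microsoft's samples): it copies into hCertStore only those certificates from the user's MY store whose issuer appears in trusted_CAs, and returns FALSE when none qualifies. The helper name issuer_is_trusted, the choice of the MY store, and the meaning given to *pcCreds (the number of certificates added) are assumptions; CertRoutine is the routine whose address the Remarks pass to ldap_set_option.

```c
#include <string.h>
#ifdef _WIN32
#define SECURITY_WIN32
#include <windows.h>
#include <wincrypt.h>
#include <schannel.h>
#include <winldap.h>
#else /* stand-in types so the matching logic also builds off Windows */
typedef unsigned long DWORD; typedef unsigned char BYTE;
typedef struct { DWORD cbData; BYTE *pbData; } CERT_NAME_BLOB, *PCERT_NAME_BLOB;
typedef struct { PCERT_NAME_BLOB aIssuers; DWORD cIssuers; }
        SecPkgContext_IssuerListInfoEx, *PSecPkgContext_IssuerListInfoEx;
#endif

/* Returns 1 if the DER-encoded issuer name equals an entry of the server's
 * list. An empty or missing list returns 0, so no client identity is offered
 * unless the server named its CA. Direct issuer match only, no chain building. */
int issuer_is_trusted(const SecPkgContext_IssuerListInfoEx *cas,
                      const CERT_NAME_BLOB *issuer)
{
    DWORD i;
    if (!cas || !cas->aIssuers || !issuer || !issuer->pbData) return 0;
    for (i = 0; i < cas->cIssuers; i++) {
        const CERT_NAME_BLOB *ca = &cas->aIssuers[i];
        if (ca->pbData && ca->cbData == issuer->cbData &&
            memcmp(ca->pbData, issuer->pbData, ca->cbData) == 0)
            return 1;
    }
    return 0;
}

#ifdef _WIN32
/* Callback with the signature documented above. Assumption: *pcCreds
 * receives the number of certificates added to hCertStore. */
BOOLEAN CertRoutine(PLDAP Connection, PSecPkgContext_IssuerListInfoEx trusted_CAs,
                    HCERTSTORE hCertStore, DWORD *pcCreds)
{
    HCERTSTORE my = CertOpenSystemStore(0, TEXT("MY")); /* user's personal store */
    PCCERT_CONTEXT c = NULL;
    DWORD added = 0;
    if (!my || !hCertStore || !pcCreds) { if (my) CertCloseStore(my, 0); return FALSE; }
    while ((c = CertEnumCertificatesInStore(my, c)) != NULL)
        if (issuer_is_trusted(trusted_CAs, &c->pCertInfo->Issuer) &&
            CertAddCertificateContextToStore(hCertStore, c, CERT_STORE_ADD_USE_EXISTING, NULL))
            added++;
    CertCloseStore(my, 0);
    *pcCreds = added;
    return (BOOLEAN)(added > 0); /* FALSE: no certificate is offered */
}
#endif
```

A certificate whose private key is not available to the process cannot complete the handshake, so a production callback would also check for the key before adding the certificate.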

Requirements

Header

winldap.h

Library

wldap32.lib

See Also

Reference

LDAP Callback Functions
ldap_set_option

Other Resources

CERT_CONTEXT