QUERYCLIENTCERT (Compact 2013)
3/26/2014
This callback function is an application-defined function. It is a client-side function that allows the server to request a certificate from the client when establishing a Secure Sockets Layer (SSL) connection. The QUERYCLIENTCERT name for this function is a placeholder for the function name defined by the application.
Syntax
BOOLEAN QUERYCLIENTCERT(
  PLDAP Connection,
  PSecPkgContext_IssuerListInfoEx trusted_CAs,
  HCERTSTORE hCertStore,
  DWORD* pcCreds
);
Parameters
- Connection
[in] Session handle.
- trusted_CAs
[in] List of server-trusted certification authorities.
- hCertStore
[in, out] Upon receiving the callback, the server converts the client certificates to CERT_CONTEXTs, adds them to a given CertStore handle along with the client credentials (pcCreds), and returns a value of TRUE. If the server is not willing to pass in a client certificate, a value of FALSE is returned.
- pcCreds
[in, out] Client credentials.
Return Value
The return values are user-defined.
Remarks
Implement this function in your client application with the signature described above. Then call ldap_set_option(conn, LDAP_OPT_CLIENT_CERTIFICATE, &CertRoutine), where CertRoutine is the address of your callback routine.
When the server demands a client certificate for authorization, it will call this callback function. The LDAP run time passes a structure containing a list of server-trusted certification authorities. If the user can successfully provide the server with a certificate issued by any of these certification authorities, the run time allocates an array of one or more CERT_CONTEXT structures, fills in the certificates, and passes back a pointer to the structure. The run time will subsequently pass these credentials to the SSL server as part of the handshake.
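An added example (not from the original page) of a callback with the signature above: it offers only certificates whose direct issuer appears in trusted_CAs and that have an associated private key. Assumptions: the callback itself adds certificates to hCertStore and reports their count through pcCreds, the client certificates live in the "MY" system store, and name_blob and issuer_trusted are names introduced here; the Windows-specific part compiles only under _WIN32.

```c
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#include <schannel.h>
#include <winldap.h>
typedef CERT_NAME_BLOB name_blob;
#else /* stand-in with CERT_NAME_BLOB's two fields so the filter builds anywhere */
typedef struct { unsigned long cbData; unsigned char *pbData; } name_blob;
#endif

/* 1 if the DER issuer name equals, byte for byte, one of the n trusted CA names. */
int issuer_trusted(const name_blob *issuer, const name_blob *cas, unsigned long n)
{
    unsigned long i;
    if (issuer == NULL || issuer->cbData == 0 || cas == NULL) return 0;
    for (i = 0; i < n; i++)
        if (cas[i].cbData == issuer->cbData &&
            memcmp(cas[i].pbData, issuer->pbData, issuer->cbData) == 0)
            return 1;
    return 0;
}

#ifdef _WIN32
/* Callback with the documented signature. Assumption: the callback adds its
   certificates to hCertStore and reports how many through *pcCreds. */
BOOLEAN CertRoutine(PLDAP Connection, PSecPkgContext_IssuerListInfoEx trusted_CAs,
                    HCERTSTORE hCertStore, DWORD *pcCreds)
{
    HCERTSTORE my;
    PCCERT_CONTEXT c = NULL;
    DWORD added = 0, cb = 0;
    if (trusted_CAs == NULL || hCertStore == NULL || pcCreds == NULL) return FALSE;
    my = CertOpenSystemStore(0, TEXT("MY")); /* assumption: personal store */
    if (my == NULL) return FALSE;
    while ((c = CertEnumCertificatesInStore(my, c)) != NULL) {
        /* Offer only certificates issued by a CA the server named and backed
           by a private key; never copy the whole personal store. */
        if (issuer_trusted(&c->pCertInfo->Issuer, trusted_CAs->aIssuers,
                           trusted_CAs->cIssuers) &&
            CertGetCertificateContextProperty(c, CERT_KEY_PROV_INFO_PROP_ID, NULL, &cb) &&
            CertAddCertificateContextToStore(hCertStore, c, CERT_STORE_ADD_USE_EXISTING, NULL))
            added++;
    }
    CertCloseStore(my, 0);
    *pcCreds = added;
    return (BOOLEAN)(added > 0);
}
#endif
```

Matching on the direct issuer skips certificates issued by an intermediate CA that chains to a trusted root; that case needs a chain-building lookup instead of a name comparison.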
Requirements
| Header | winldap.h |
| Library | wldap32.lib |
See Also
Reference
LDAP Callback Functions
ldap_set_option