SChannel send intermediate certificate chain from memory store
来源: https://stackoverflow.com/questions/30156584/schannel-send-intermediate-certificate-chain-from-memory-store
schannel
SChannel/SSL implementation?
问题 I can implement HTTP using "win sockets" easily , but I've been struggling to implement HTTPS using "SChannel" which is pretty much poorly documented "at least for me". How can I establish a secure connection for HTTPS communication and is there any security or performance considerations I should be aware of? 回答1: SChannel integrated quite well with Windows and allows you to perform authentication without asking the user's credentials. Schannel works on a lower level than HTTP. It allows you
SChannel/SSL implementation?
问题 I can implement HTTP using "win sockets" easily , but I've been struggling to implement HTTPS using "SChannel" which is pretty much poorly documented "at least for me". How can I establish a secure connection for HTTPS communication and is there any security or performance considerations I should be aware of? 回答1: SChannel integrated quite well with Windows and allows you to perform authentication without asking the user's credentials. Schannel works on a lower level than HTTP. It allows you
SSL Session reuse with SChannel (Windows)
问题 I have a program that use schannel.dll to make a SSL connection to remote server. But I'd like to disconnect from server often and reconnect without the need to renegotiate shared key again. I know that SSL support this, but don't know how to make it with SChannel. Can you help me? Here are some links that can help: Creating a Secure Connection Using Schannel: http://msdn.microsoft.com/en-us/library/aa374782(VS.85).aspx SSL session reuse - how to find if supported?: http://royontechnology
Looking for Platform SDK SSPI(Schannel) sample c++
问题 I want to see a microsoft sample that demonstrate using of SSPI with Schannel. As I see here there is a such sample, but I cannot succeed to find it :( Can anyone please help me to find it? Thanks in advance! 回答1: There are WebServer and WebClient examples in Windows® Server 2003 SP1 Platform SDK ISO Install under Microsoft Platform SDK\Samples\Security\SSPI\SSL . 来源: https://stackoverflow.com/questions/11330471/looking-for-platform-sdk-sspischannel-sample-c
How to import an OpenSSL key file into the Windows Certificate Store
问题 I've got an OpenSSL generated X.509 certificate in PEM format and it's associated key file. This certificate is required for authentication when connecting to a prototype server. This works fine on Linux. I've been using the Microsoft SChannel API to drive SSL/TLS connections on Windows platforms but I want to use the same test certificate. I can right-click on the certificate file and import it into my certificate store but I believe that the private key is not imported with it (even though
Can't connect to the SSL server that use only ephemeral ciphersuites (The Local Security Authority cannot be contacted)
问题 I'm trying to connect to the test server started with openssl (this limited ciphersuite combination is intended): openssl s_server -accept 443 -www -tls1_2 -cipher ECDHE:DHE:EDH -cert selfsignedcert.pem -key sskey.pem The code I use is similar to msdn's public static bool ValidateServerCertificate( object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } ... var client = new TcpClient(target, port); SslStream sslStream = new SslStream
Is DTLS supported by Schannel on Windows 7?
问题 I have seen conflicting answers to this question. How would I activate a DTLS session using InitializeSecurityContext ? 回答1: DTLS is present in Windows 8 and later. When creating your credentials you need to the SCHANNEL_CRED grbitEnabledProtocols to include SP_PROT_DTLS1_0_SERVER or one of the other DTLS values from schannel.h You then need to select the correct requirements for the "required attributes" when creating your context (things like ISC_REQ_DATAGRAM from sspi.h). See technet for
InitializeSecurityContext (Schannel) not changing BufferType
问题 So i have following code: SecBuffer input_buffers[2]; SecBuffer output_buffers[2]; ULONG context_attributes; /* we need to try and perform the second (next) step of the init */ input_buffers[0].cbBuffer = tls_io_instance->received_byte_count; input_buffers[0].BufferType = SECBUFFER_TOKEN; input_buffers[0].pvBuffer = (void*)tls_io_instance->received_bytes; input_buffers[1].cbBuffer = 0; input_buffers[1].BufferType = SECBUFFER_EMPTY; input_buffers[1].pvBuffer = 0; SecBufferDesc input_buffers
Can't connect to the SSL server that use only ephemeral ciphersuites (The Local Security Authority cannot be contacted)
I'm trying to connect to the test server started with openssl (this limited ciphersuite combination is intended): openssl s_server -accept 443 -www -tls1_2 -cipher ECDHE:DHE:EDH -cert selfsignedcert.pem -key sskey.pem The code I use is similar to msdn's public static bool ValidateServerCertificate( object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } ... var client = new TcpClient(target, port); SslStream sslStream = new SslStream(client.GetStream(), false,ValidateServerCertificate,null); sslStream.AuthenticateAsClient(target, null,