IKEEXT_CERTIFICATE_AUTHENTICATION0 (Compact 2013)
3/26/2014
This structure is used to specify various parameters for authentication with certificates.
Syntax
typedef struct IKEEXT_CERTIFICATE_AUTHENTICATION0_ {
  IKEEXT_CERT_CONFIG_TYPE inboundConfigType;
  union {
    struct {
      UINT32 inboundRootArraySize;
      IKEEXT_CERT_ROOT_CONFIG0* inboundRootArray;
    };
    IKEEXT_CERT_ROOT_CONFIG0* inboundEnterpriseStoreConfig;
    IKEEXT_CERT_ROOT_CONFIG0* inboundTrustedRootStoreConfig;
  };
  IKEEXT_CERT_CONFIG_TYPE outboundConfigType;
  union {
    struct {
      UINT32 outboundRootArraySize;
      IKEEXT_CERT_ROOT_CONFIG0* outboundRootArray;
    };
    IKEEXT_CERT_ROOT_CONFIG0* outboundEnterpriseStoreConfig;
    IKEEXT_CERT_ROOT_CONFIG0* outboundTrustedRootStoreConfig;
  };
  UINT32 flags;
} IKEEXT_CERTIFICATE_AUTHENTICATION0;
Members
inboundConfigType
Certificate configuration type for inbound peer certificate verification. See topic IKEEXT_CERT_CONFIG_TYPE for more information.
inboundRootArraySize
Number of elements in the inboundRootArray member. Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
inboundRootArray
Explicit trust list for verifying the peer certificate chain. Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
See topic IKEEXT_CERT_ROOT_CONFIG0 for more information.
inboundEnterpriseStoreConfig
Enterprise store configuration for verifying the peer certificate chain. Available when inboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE.
See topic IKEEXT_CERT_ROOT_CONFIG0 for more information.
inboundTrustedRootStoreConfig
Trusted root store configuration for verifying the peer certificate chain. Available when inboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE.
See topic IKEEXT_CERT_ROOT_CONFIG0 for more information.
outboundConfigType
Certificate configuration type for outbound local certificate verification. See topic IKEEXT_CERT_CONFIG_TYPE for more information.
outboundRootArraySize
Number of elements in the outboundRootArray member. Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
outboundRootArray
Explicit trust list for selecting a certificate chain to send to the peer. Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.
See topic IKEEXT_CERT_ROOT_CONFIG0 for more information.
outboundEnterpriseStoreConfig
Enterprise store configuration for selecting the certificate chain. Available when outboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE.
See topic IKEEXT_CERT_ROOT_CONFIG0 for more information.
outboundTrustedRootStoreConfig
Trusted root store configuration for selecting the certificate chain. Available when outboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE.
See topic IKEEXT_CERT_ROOT_CONFIG0 for more information.
flags
A combination of the values listed in the Remarks section below, which specifies the certificate authentication characteristics.
Remarks
The flags member can be a combination of the following values, which specify the certificate authentication characteristics.
| IKE/AuthIP certificate authentication flag | Meaning |
|---|---|
| IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK | Disable CRL checking. By default, weak CRL checking is enabled. Weak checking means that a certificate will be rejected if and only if the CRL is successfully looked up and the certificate is found to be revoked. |
| IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG | Enable strong CRL checking. Strong checking means that a certificate will be rejected if the certificate is found to be revoked, or if any other error (for example, the CRL could not be retrieved) takes place while performing the revocation checking. |
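
The three revocation behaviours in the table above, modelled as an added example (not code from the original page or from Microsoft). The `EX_` bit values, the `crl_result_t` outcomes and the function names are assumptions so the block builds without fwpmu.h; the page does not describe both flags being set together, so the model reports that case as a conflict instead of guessing.

```c
/* Added example: revocation outcomes per the flags table. The EX_ bit values
 * are placeholders so this builds without fwpmu.h; on target use the header's
 * IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK / IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG. */
#include <stdint.h>
#include <stdio.h>

#define EX_DISABLE_CRL_CHECK       0x1u  /* placeholder value */
#define EX_ENABLE_CRL_CHECK_STRONG 0x2u  /* placeholder value */

/* Hypothetical outcomes of one CRL lookup for the peer certificate. */
typedef enum { CRL_NOT_REVOKED, CRL_REVOKED, CRL_LOOKUP_FAILED } crl_result_t;
typedef enum { REV_DISABLED, REV_WEAK, REV_STRONG, REV_CONFLICT } rev_mode_t;

/* Map the flags member to a revocation mode. Neither bit set is the default
 * (weak). Both bits set is not described on the page, so flag it. */
rev_mode_t rev_mode(uint32_t flags) {
    int off = (flags & EX_DISABLE_CRL_CHECK) != 0;
    int strong = (flags & EX_ENABLE_CRL_CHECK_STRONG) != 0;
    if (off && strong) return REV_CONFLICT;
    if (off) return REV_DISABLED;
    return strong ? REV_STRONG : REV_WEAK;
}

/* 1 = certificate passes revocation, 0 = rejected, -1 = mode not modelled. */
int revocation_accepts(rev_mode_t mode, crl_result_t r) {
    switch (mode) {
    case REV_DISABLED: return 1;                     /* CRL never consulted */
    case REV_WEAK:     return r != CRL_REVOKED;      /* lookup error: accepted */
    case REV_STRONG:   return r == CRL_NOT_REVOKED;  /* lookup error: rejected */
    default:           return -1;
    }
}

int main(void) {
    static const char *modes[] = { "disabled", "weak", "strong" };
    static const char *results[] = { "not revoked", "revoked", "lookup failed" };
    const uint32_t flags[] = { EX_DISABLE_CRL_CHECK, 0, EX_ENABLE_CRL_CHECK_STRONG };
    for (int i = 0; i < 3; i++)
        for (int r = 0; r < 3; r++)
            printf("%-8s | %-13s | %s\n", modes[rev_mode(flags[i])], results[r],
                   revocation_accepts(rev_mode(flags[i]), (crl_result_t)r) ? "accept" : "reject");
    return 0;
}
```

The row to watch is weak plus "lookup failed": the default mode accepts the certificate when the CRL cannot be retrieved, and only the strong flag turns that into a rejection.
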
Requirements
Header | fwpmu.h |