Re: AcquireCredentialsHandle (Schannel)



"Michael Bauers" <MichaelBauers@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:DF5B2235-8E38-4A01-9858-0EE52CB34691@xxxxxxxxxxxxxxxx

> The platform SDK contains an example of using SSPI functions for SSL.
>
> I have not been able to get it to work. I am only trying to get the server
> portion to run, and I always fail early on, calling AcquireCredentialsHandle,
> and getting back SEC_E_NO_CREDENTIALS.
>
> Possible issues I can think of:
> * There's some issue with the certificate I am using (Could be anything,
> someone generated me a server authentication certificate for the purpose of
> trying to get the sample code working; I don't even think I have a private
> key associated with it, or know how that works)

That's a good thought. In order to use a certificate to identify a server, the process running the server must have a private key corresponding to that certificate.

> * There's something wrong with my environment; I am running on a corporate
> workstation with whatever rights are assigned to me

As long as you have access to the certificate and its associated private key, you don't need any particular rights in order to run a server that identifies itself using SSL.

I would strongly recommend that you find out how certificates and private keys work, if you're going to develop a solution that anyone else will use - there are several little traps that you can fall into along the way that will kill the security of your application if you work from a partial understanding.

I would recommend reading Eric Rescorla's book on SSL / TLS - while it doesn't address SSPI directly, everything in there is translatable into SSPI, and the book provides a very complete and thorough description of how to protect a network communication protocol using SSL / TLS.

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our client software, WFTPD Explorer.
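The two points Alun raises above (the server process must be able to open a private key matching the certificate, and the certificate must be suitable for server authentication) can be checked before ever calling AcquireCredentialsHandle. The following PowerShell script is an added example, not code from the thread or from the Platform SDK sample; it assumes the certificate is in the LocalMachine\My store and uses a placeholder thumbprint, and it should be run under the same account the server will run as.

```powershell
# Added example: pre-flight checks for a Schannel server certificate.
# Assumptions: certificate is in LocalMachine\My; the thumbprint is a placeholder.
param(
    [string]$Thumbprint = 'REPLACE_WITH_CERT_THUMBPRINT',
    [string]$StorePath  = 'Cert:\LocalMachine\My'
)

$cert = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    Write-Output "No certificate with thumbprint $Thumbprint found in $StorePath"
    return
}

# 1. Schannel needs a private key, and the calling account must be able to open it.
#    A certificate imported from a .cer file alone has no private key at all.
Write-Output ("HasPrivateKey: {0}" -f $cert.HasPrivateKey)
if ($cert.HasPrivateKey) {
    try {
        # GetRSAPrivateKey handles both legacy CSP and CNG key storage.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        Write-Output ("Private key opens under this account: {0}" -f ($null -ne $rsa))
    } catch {
        # Typical cause: key exists but the ACL on the key container excludes this account.
        Write-Output "Private key exists but cannot be opened: $($_.Exception.Message)"
    }
}

# 2. The certificate should carry the Server Authentication EKU (1.3.6.1.5.5.7.3.1),
#    or no EKU extension at all (which permits any purpose).
$eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
if ($eku) {
    $usages = $eku.EnhancedKeyUsages | ForEach-Object { $_.Oid.Value }
    Write-Output ("Server Authentication EKU present: {0}" -f ($usages -contains '1.3.6.1.5.5.7.3.1'))
} else {
    Write-Output "No EKU extension present (any purpose allowed)"
}

# 3. Validity window and whether a trusted chain can be built on this machine.
Write-Output ("Valid from {0} to {1}" -f $cert.NotBefore, $cert.NotAfter)
Write-Output ("Chain builds to a trusted root: {0}" -f $cert.Verify())
```

If "HasPrivateKey" is False, the certificate must be re-issued or re-imported from a PFX that includes the key; if the key exists but cannot be opened, the key container's permissions are the next thing to inspect.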
