
TLS Handshake process by InitializeSecurityContext (Schannel)

I have to implement a TLS handshake process using the SSPI interface.
My app implements the client side, and as I saw from here the general flow is:

  1. InitializeSecurityContext - the first call returns a pointer to a SecBufferDesc structure.
  2. Call the send (= WinSock API) function with the output buffers.
  3. Call the recv function.
  4. Call InitializeSecurityContext again with the buffers.

The MSDN explanation about these buffers:

"On calls to this function after the initial call, there must be two buffers. The first has type SECBUFFER_TOKEN and contains the token received from the server. The second buffer has type SECBUFFER_EMPTY; set both the pvBuffer and cbBuffer members to zero."

My questions:

  1. I need some more explanation: what is the meaning of the buffers? What does the second buffer contain? What are they for?
  2. In the MSDN it is written that the TargetDataRep input parameter of the InitializeSecurityContext function is not used for Schannel, but many samples that I saw set it to SECURITY_NATIVE_DREP. What is the SECURITY_NATIVE_DREP flag? Why does the MSDN say to set it to zero?

I will really appreciate any help.
Thanks!

1. SChannel gives you a layer of abstraction to be able to transfer data buffers over secure channels. The API is designed in such a way that when you send a piece of data, you supply two data buffers: the actual data (payload) and a second buffer which holds the secure channel token/context. It is assumed that you will be attaching this buffer to every payload buffer you are pushing through, e.g. because the API is not designed to keep and manage this data internally, e.g. with a handle.

2. InitializeSecurityContext applies not only to the SChannel package; in other scenarios this parameter is used, and perhaps the sample code you had a chance to see related to a different package, or was copied from there, or applies to both.
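The handshake loop the question sketches, as an added example that is not part of the original question or answer: a C function that drives InitializeSecurityContextA with the two-buffer input the quoted MSDN text describes, where the second (SECBUFFER_EMPTY) buffer exists only so Schannel can hand back, as SECBUFFER_EXTRA, the count of received bytes it did not consume. A portable helper reproduces that framing rule (Schannel consumes whole TLS records and reports the tail) so the block also runs off Windows. The host name example.com, port 443, the 16 KiB receive buffer and the sample server bytes are assumptions of this example.

```c
/* Added example, not from the original question or answer: the Schannel client
 * handshake loop the question sketches.  The record-framing helper is portable and
 * mirrors SECBUFFER_EXTRA / SEC_E_INCOMPLETE_MESSAGE.  Hypothetical: host, port, sizes. */
#include <stdio.h>
#include <string.h>
/* Length of the prefix of buf made of complete TLS records (5-byte header: type,
 * version, 2-byte length); *extra (optional) receives the unconsumed tail.
 * consumed == 0 -> SEC_E_INCOMPLETE_MESSAGE; 0 < consumed < len -> SECBUFFER_EXTRA. */
size_t tls_complete_records(const unsigned char *buf, size_t len, size_t *extra)
{
    size_t off = 0;
    while (len - off >= 5) {
        size_t rec = 5 + (((size_t)buf[off + 3] << 8) | buf[off + 4]);
        if (rec > len - off) break;                 /* last record only partly here */
        off += rec;
    }
    if (extra) *extra = len - off;
    return off;
}
size_t tls_extra_bytes(const unsigned char *b, size_t n) { size_t e; tls_complete_records(b, n, &e); return e; }
/* Constructed sample: a complete ServerHelloDone record, then 7 bytes of the next one. */
const unsigned char SAMPLE_SERVER_BYTES[] = {
    0x16, 0x03, 0x03, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00,
    0x16, 0x03, 0x03, 0x00, 0x10, 0xaa, 0xbb };
const size_t SAMPLE_SERVER_LEN = sizeof SAMPLE_SERVER_BYTES;
#ifdef _WIN32                                       /* link with secur32.lib ws2_32.lib */
#define SECURITY_WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
#include <windows.h>
#include <security.h>
#include <schannel.h>
/* Client side of the handshake over a connected socket; SEC_E_OK when complete. */
SECURITY_STATUS schannel_client_handshake(SOCKET s, const char *host,
                                          PCredHandle cred, PCtxtHandle ctx)
{
    unsigned char in[16384];                        /* bytes received from the server */
    DWORD in_len = 0, attrs = 0; int have_ctx = 0;
    const DWORD req = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONFIDENTIALITY |
                      ISC_RET_EXTENDED_ERROR | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM;
    for (;;) {
        /* Input: [0] server bytes as SECBUFFER_TOKEN; [1] SECBUFFER_EMPTY, which Schannel
         * rewrites to SECBUFFER_EXTRA = trailing bytes it did not consume.  NULL on call 1. */
        SecBuffer inb[2] = { { in_len, SECBUFFER_TOKEN, in }, { 0, SECBUFFER_EMPTY, NULL } };
        SecBufferDesc ind = { SECBUFFER_VERSION, 2, inb };
        SecBuffer outb[1] = { { 0, SECBUFFER_TOKEN, NULL } };   /* Schannel allocates it */
        SecBufferDesc outd = { SECBUFFER_VERSION, 1, outb };
        SECURITY_STATUS st = InitializeSecurityContextA(
            cred, have_ctx ? ctx : NULL, (SEC_CHAR *)host, req, 0,
            0 /* TargetDataRep: not used by Schannel */,
            have_ctx ? &ind : NULL, 0, ctx, &outd, &attrs, NULL);
        have_ctx = 1;
        if (outb[0].pvBuffer && outb[0].cbBuffer) {  /* ClientHello, Finished, or an alert */
            int sent = send(s, (const char *)outb[0].pvBuffer, (int)outb[0].cbBuffer, 0);
            FreeContextBuffer(outb[0].pvBuffer);
            if (sent != (int)outb[0].cbBuffer) return SEC_E_INTERNAL_ERROR;
        }
        if (st == SEC_E_OK) return SEC_E_OK;
        if (st == SEC_I_CONTINUE_NEEDED) {
            if (inb[1].BufferType == SECBUFFER_EXTRA) { /* keep only the unconsumed tail */
                memmove(in, in + in_len - inb[1].cbBuffer, inb[1].cbBuffer);
                in_len = inb[1].cbBuffer;
                continue;                           /* it may already hold a whole record */
            }
            in_len = 0;
        } else if (st != SEC_E_INCOMPLETE_MESSAGE) {
            return st;                     /* e.g. SEC_E_UNTRUSTED_ROOT, SEC_E_CERT_EXPIRED */
        }
        /* SEC_E_INCOMPLETE_MESSAGE (partial record) or nothing buffered: read more. */
        if (in_len == sizeof in) return SEC_E_BUFFER_TOO_SMALL;
        int n = recv(s, (char *)in + in_len, (int)(sizeof in - in_len), 0);
        if (n <= 0) return SEC_E_INCOMPLETE_MESSAGE;
        in_len += (DWORD)n;
    }
}
#endif
int main(void)
{
    size_t extra, used = tls_complete_records(SAMPLE_SERVER_BYTES, SAMPLE_SERVER_LEN, &extra);
    printf("consumed %zu bytes; SECBUFFER_EXTRA would report %zu\n", used, extra);
#ifdef _WIN32
    WSADATA wsa; struct addrinfo hints = {0}, *ai; WSAStartup(MAKEWORD(2, 2), &wsa);
    hints.ai_socktype = SOCK_STREAM;                /* assumption: any reachable TLS host */
    if (getaddrinfo("example.com", "443", &hints, &ai) != 0) return 1;
    SOCKET s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
    if (connect(s, ai->ai_addr, (int)ai->ai_addrlen) != 0) return 1;
    SCHANNEL_CRED sc = {0}; CredHandle cred; CtxtHandle ctx; TimeStamp exp;
    sc.dwVersion = SCHANNEL_CRED_VERSION;
    sc.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION | SCH_CRED_NO_DEFAULT_CREDS;
    if (AcquireCredentialsHandleA(NULL, UNISP_NAME_A, SECPKG_CRED_OUTBOUND, NULL, &sc,
                                  NULL, NULL, &cred, &exp) != SEC_E_OK) return 1;
    SECURITY_STATUS st = schannel_client_handshake(s, "example.com", &cred, &ctx);
    printf("handshake status 0x%08lx\n", (unsigned long)st);
    if (st == SEC_E_OK) DeleteSecurityContext(&ctx);
    FreeCredentialsHandle(&cred); closesocket(s); WSACleanup();
    return st == SEC_E_OK ? 0 : 1;
#else
    return 0;
#endif
}
```

On Windows, compile with cl and link secur32.lib and ws2_32.lib; the four steps in the question are exactly one iteration of the for loop, and after SEC_E_OK the same in[] buffer may still hold SECBUFFER_EXTRA bytes that belong to the first application-data record, so a real client keeps them for DecryptMessage. Off Windows only the framing helper runs. TargetDataRep is passed as 0 because Schannel ignores it; SECURITY_NATIVE_DREP is the data-representation flag that packages such as Kerberos or NTLM consult, which is why it appears in generic SSPI samples.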

Statement: the technical posts on this site follow the CC BY-SA 4.0 license; if you need to repost, please cite this site or the original address. For any questions, contact yoyou2525@163.com.

© 2020-2024 STACKOOM.COM