2.2.3.1.2.1 PEAP_TLS_PHASE1_CONN_PROPERTIES
This data structure specifies the configuration for the Microsoft implementation of PEAP Specification Phase 1 on the client. The fields are as follows.
| Bits 0-31 (each row is 32 bits wide) |
|---|
| Version |
| Size |
| Flags |
| NumberOfCAs |
| TrustedCertHashInfoList (variable) |
| ... |
| ServerName (variable) |
| ... |
Version (4 bytes): A 4-byte unsigned integer set to 1.
Size (4 bytes): A 4-byte unsigned integer set to the total size of the PEAP_TLS_PHASE1_CONN_PROPERTIES data structure in bytes.
Flags (4 bytes): A 4-byte unsigned integer that indicates the properties for PEAP Phase 1 configuration by setting the following bit values.
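| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | C | 0 | 0 | B | A | 0 |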
Where the bits are defined as:
| Value | Description |
|---|---|
| A | PeapTlsPhase1NoValidateServerCert: If set to 1, the client disables validation of the computer certificate of the authenticating server. |
| B | PeapTlsPhase1NoValidateName: If set to 1, the client disables matching of the name of the authenticating server as described in the ServerName field. |
| C | PeapTlsPhase1DisablePromptValidation: If set to 1, the client does not prompt the user during the process of validating the certificate of the authenticating server. <24> |
Other bits are not defined and are ignored by the client.
NumberOfCAs (4 bytes): A 4-byte unsigned integer that is set to the number of trusted root CAs being indicated.
TrustedCertHashInfoList (variable): An optional field that is present if and only if the NumberOfCAs field is nonzero. TrustedCertHashInfoList contains a list of NumberOfCAs TrustedCertHashInfo structures for different trusted root certification authorities. The client trusts any root certification authority indicated in the list of TrustedCertHashInfo structures in this field to accept a certificate of the authenticating server.
ServerName (variable): A null-terminated string of Unicode characters indicating a name of an authenticating server that the client can authenticate to without additional user consent. This can be a regular expression (as described in [ECMA-262], section 7.8.5). This field is ignored by the client if PeapTlsPhase1NoValidateServerCert or PeapTlsPhase1NoValidateName is set to 1.<25>
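
The following is an added example, not part of the specification: a configuration audit that reads the fixed 16-byte header of a PEAP_TLS_PHASE1_CONN_PROPERTIES blob and reports Flags settings that turn off server validation. It assumes little-endian fields, that the diagram's bit 0 is the most significant bit of Flags (so A, B and C are the masks 0x2, 0x4 and 0x20), and UTF-16LE for ServerName; `audit_phase1` and `build_sample` are hypothetical names, and the sample blobs are constructed with NumberOfCAs set to 0 because the TrustedCertHashInfo layout is defined outside this section.

```python
import struct

# Assumption: the diagram numbers bit 0 as the most significant bit of the
# 32-bit Flags value, so diagram bit n corresponds to mask 1 << (31 - n).
NO_VALIDATE_SERVER_CERT = 1 << (31 - 30)  # A
NO_VALIDATE_NAME = 1 << (31 - 29)         # B
DISABLE_PROMPT = 1 << (31 - 26)           # C
DEFINED = NO_VALIDATE_SERVER_CERT | NO_VALIDATE_NAME | DISABLE_PROMPT
# Assumption: Version, Size, Flags, NumberOfCAs are little-endian.
HEADER = struct.Struct("<IIII")


def audit_phase1(blob: bytes) -> list[str]:
    """Return findings for a PEAP_TLS_PHASE1_CONN_PROPERTIES blob."""
    if len(blob) < HEADER.size:
        return ["malformed: shorter than the 16-byte fixed header"]
    version, size, flags, _number_of_cas = HEADER.unpack_from(blob)
    findings = []
    if version != 1:
        findings.append(f"malformed: Version is {version}, expected 1")
    if size != len(blob):
        findings.append(f"malformed: Size is {size}, blob is {len(blob)} bytes")
    if flags & NO_VALIDATE_SERVER_CERT:
        findings.append("weak: PeapTlsPhase1NoValidateServerCert is set")
    if flags & NO_VALIDATE_NAME:
        findings.append("weak: PeapTlsPhase1NoValidateName is set")
    if flags & (NO_VALIDATE_SERVER_CERT | NO_VALIDATE_NAME):
        # Either flag makes the client ignore the ServerName field.
        findings.append("note: ServerName is ignored by the client")
    if flags & DISABLE_PROMPT:
        findings.append("note: PeapTlsPhase1DisablePromptValidation is set")
    unknown = flags & ~DEFINED & 0xFFFFFFFF
    if unknown:
        findings.append(f"note: undefined bits 0x{unknown:08x} set, ignored")
    return findings


def build_sample(flags: int, server_name: str) -> bytes:
    """Constructed sample with NumberOfCAs = 0 (no TrustedCertHashInfoList)."""
    # Assumption: "Unicode characters" means UTF-16LE with a 2-byte terminator.
    name = (server_name + "\0").encode("utf-16-le")
    return HEADER.pack(1, HEADER.size + len(name), flags, 0) + name


if __name__ == "__main__":
    for label, flags in [("validating", DISABLE_PROMPT),
                         ("non-validating", NO_VALIDATE_SERVER_CERT)]:
        blob = build_sample(flags, "radius.example.test")
        print(label, audit_phase1(blob))
```

A profile whose findings include a `weak:` line authenticates to any server that completes the TLS handshake, whatever ServerName and the trusted CA list say.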