Answered TLS/SSL AcceptSecurityContext Certificate Key Usage

  • Wednesday, June 20, 2012 4:57 AM

    AcceptSecurityContext

    http://msdn.microsoft.com/en-us/library/aa374703(VS.85).aspx

    When I use a self-signed certificate created through IIS, I see the Key Usage fields as
    Data Encipherment and Key Encipherment.
    All of the TLS/SSL connections succeed.

    When I use a public CA certificate, whose Key Usage field is either missing or does not contain both Data Encipherment and Key Encipherment, the call to AcceptSecurityContext fails with

    # for hex 0x80090308 / decimal -2146893048
      SEC_E_INVALID_TOKEN                                            winerror.h
    # The token supplied to the function is invalid

    or

    # for hex 0x80090326 / decimal -2146893018
      SEC_E_ILLEGAL_MESSAGE                                          winerror.h

    What Key usage attributes are required by AcceptSecurityContext on the provided Certificate?
    I have not been able to find any clear documentation on the required key usage on a certificate.

    Thanks in advance for any assistance in this matter.

    Regards, Gary.



    • Edited by ghunt Wednesday, June 20, 2012 4:59 AM updated title
    • Edited by ghunt Wednesday, June 20, 2012 11:14 PM additional info.

All Replies

  • Wednesday, August 08, 2012 5:34 AM
     
     Answered

    With the third-party SSL certificates, InBuffer.SetSecurityBufferToken(0, data, len);
    has a len of around 2K.
    The buffer provided was 1K; the length test prior to reading threw an error on the second iteration at the socket on the other end.

    This passed an abort to my end.

    The reason the call was failing on the 3rd party SSL certificates is because reading the socket for the key exchange values failed. Not a buffer overflow, but obtuse error reporting.

    • Marked As Answer by ghunt Wednesday, August 08, 2012 5:34 AM
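The failure described in the answer, as an added example (not the poster's code): the handshake token is read off the wire by TLS record framing, sizing the buffer from the 5-byte record header instead of assuming a fixed 1K. A constructed ~2K handshake record stands in for a third-party certificate chain, and an in-memory stream stands in for the socket; `demo_read_2k_record(0)` reproduces the fixed-buffer failure, `demo_read_2k_record(1)` the growable-buffer success.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define TLS_HDR 5            /* type(1) version(2) length(2, big-endian) */
#define TLS_MAX_BODY 18432   /* 2^14 + 2048: RFC 5246 TLSCiphertext maximum */
/* Token buffer handed to AcceptSecurityContext; grows only if 'grow' is set. */
typedef struct { uint8_t *buf; size_t len, cap; int grow; } token_t;
static int token_reserve(token_t *t, size_t need) {
    if (need <= t->cap) return 1;
    if (!t->grow) return 0;                     /* the fixed-1K-buffer failure */
    size_t ncap = t->cap ? t->cap : 1024;
    while (ncap < need) ncap *= 2;
    uint8_t *n = realloc(t->buf, ncap);
    if (!n) return 0;
    t->buf = n; t->cap = ncap; return 1;
}
/* Constructed stand-in for a socket: an in-memory byte stream. */
typedef struct { const uint8_t *data; size_t len, pos; } stream_t;
static size_t stream_read(stream_t *s, uint8_t *out, size_t want) {
    size_t n = s->len - s->pos; if (n > want) n = want;
    memcpy(out, s->data + s->pos, n); s->pos += n; return n;
}
/* Append one complete TLS record to the token. Returns record size, 0 on error. */
static size_t read_record(stream_t *s, token_t *t) {
    if (!token_reserve(t, t->len + TLS_HDR)) return 0;
    if (stream_read(s, t->buf + t->len, TLS_HDR) != TLS_HDR) return 0;
    uint8_t *h = t->buf + t->len;
    size_t body = ((size_t)h[3] << 8) | h[4];
    if (body > TLS_MAX_BODY) return 0;          /* reject bogus record lengths */
    if (!token_reserve(t, t->len + TLS_HDR + body)) return 0;
    if (stream_read(s, t->buf + t->len + TLS_HDR, body) != body) return 0;
    t->len += TLS_HDR + body;
    return TLS_HDR + body;
}
/* Constructed ~2K handshake record (a Certificate message with a CA chain) read
   into a 1K buffer (grow=0) or a growable one (grow=1). Returns bytes read, 0 on failure. */
size_t demo_read_2k_record(int grow) {
    enum { BODY = 2095 };                       /* 5 + 2095 = 2100 bytes total */
    uint8_t rec[TLS_HDR + BODY];
    rec[0] = 0x16; rec[1] = 0x03; rec[2] = 0x03; rec[3] = BODY >> 8; rec[4] = BODY & 0xff;
    memset(rec + TLS_HDR, 0xAB, BODY);          /* constructed filler payload */
    stream_t s = { rec, sizeof rec, 0 };
    token_t t = { malloc(1024), 0, 1024, grow };
    size_t got = t.buf ? read_record(&s, &t) : 0;
    free(t.buf);
    return got;
}
```

In a real Schannel loop, SEC_E_INCOMPLETE_MESSAGE from AcceptSecurityContext is the signal that more record data must be read before the call is retried; a truncated read never reaches that point and surfaces instead as the opaque errors seen in the question.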