How to provoke a client certificate request using Schannel


I am writing TLS server side code using Schannel and need to require the client to mutually authenticate itself. I know this is done by sending a client certificate request at the end of the server hello. I see how to do it in OpenSSL but I cannot find how to do it with Schannel.

EDIT.

The short answer is to use ASC_RET_MUTUAL_AUTH.


There is 1 best solution below


The slightly longer answer is to use ASC_REQ_MUTUAL_AUTH with AcceptSecurityContext, and then the client must respond to InitializeSecurityContext returning SEC_I_INCOMPLETE_CREDENTIALS.
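
The server side of what the answer describes, as an added example that is not code from the original post: ASC_REQ_MUTUAL_AUTH is passed to AcceptSecurityContext, and once the handshake completes the client certificate is fetched with QueryContextAttributes before the peer is treated as authenticated. The names accept_step, check_client and mutual_auth_verdict are hypothetical, and the non-Windows branch only defines stand-in constants so the verdict helper builds anywhere.

```c
#include <stddef.h>
#ifdef _WIN32
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <schannel.h>
#else /* stand-ins (values as in winerror.h) so the verdict logic builds off Windows */
typedef int SECURITY_STATUS;
#define SEC_E_OK                 ((SECURITY_STATUS)0)
#define SEC_I_CONTINUE_NEEDED    ((SECURITY_STATUS)0x00090312)
#define SEC_E_INCOMPLETE_MESSAGE ((SECURITY_STATUS)0x80090318)
#endif

enum hs_verdict { HS_CONTINUE, HS_AUTHENTICATED, HS_REJECT };

/* Hypothetical helper. cert_query/cert: result of querying SECPKG_ATTR_REMOTE_CERT_CONTEXT. */
enum hs_verdict mutual_auth_verdict(SECURITY_STATUS hs, SECURITY_STATUS cert_query, const void *cert)
{
    if (hs == SEC_I_CONTINUE_NEEDED || hs == SEC_E_INCOMPLETE_MESSAGE)
        return HS_CONTINUE;                 /* send reply / read more, then call again */
    if (hs != SEC_E_OK)
        return HS_REJECT;                   /* handshake failed */
    /* Requesting a certificate is not proof one arrived: require it explicitly. */
    return (cert_query == SEC_E_OK && cert != NULL) ? HS_AUTHENTICATED : HS_REJECT;
}

#ifdef _WIN32
/* One server-side step. ctx_in is NULL on the first call. The reply token in
   `out` is allocated by Schannel; release it with FreeContextBuffer after sending. */
SECURITY_STATUS accept_step(CredHandle *cred, CtxtHandle *ctx_in, CtxtHandle *ctx_out,
                            SecBufferDesc *in, SecBufferDesc *out, ULONG *ret_attrs)
{
    ULONG req = ASC_REQ_MUTUAL_AUTH /* ask the client for a certificate */
              | ASC_REQ_STREAM | ASC_REQ_ALLOCATE_MEMORY | ASC_REQ_EXTENDED_ERROR
              | ASC_REQ_REPLAY_DETECT | ASC_REQ_SEQUENCE_DETECT | ASC_REQ_CONFIDENTIALITY;
    TimeStamp expiry;
    return AcceptSecurityContext(cred, ctx_in, in, req, 0, ctx_out, out, ret_attrs, &expiry);
}

/* Pass the status accept_step returned. On HS_AUTHENTICATED the caller owns
   *cert and frees it with CertFreeCertificateContext. */
enum hs_verdict check_client(CtxtHandle *ctx, SECURITY_STATUS hs, PCCERT_CONTEXT *cert)
{
    SECURITY_STATUS q = SEC_E_OK;
    *cert = NULL;
    if (hs == SEC_E_OK)
        q = QueryContextAttributes(ctx, SECPKG_ATTR_REMOTE_CERT_CONTEXT, (void *)cert);
    return mutual_auth_verdict(hs, q, *cert);
}
#endif
```

The certificate returned by check_client still needs chain and policy validation before its subject is trusted.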