InternetGetCertByURL always returns FALSE
Viktor Krammer
I would like to access the information of the security certificate of the
current page from within an Internet Explorer add-on and found the
undocumented function:
INTERNETAPI_(BOOL) InternetGetCertByURL(LPCWSTR lpszURL,LPWSTR
lpszCertText,DWORD dwcbCertText);
Unfortunately, the function returns always FALSE on IE6 and IE8.
Does anybody know how to get the certificate data in Internet Explorer?
best regards,
Viktor Krammer
--
http://www.quero.at/
The New Web Experience
rob^_^
Did you see this thread in the wininet PNG?
Regards.
"Viktor Krammer" <support@quero_no_spam.at> wrote in message
news:ut$2jL9YK...@TK2MSFTNGP05.phx.gbl...
Viktor Krammer
yes, I have read that thread, but it seems that nobody was ever able to use
that function?
Igor Tandetnik
> I would like to access the information of the security certificate of
> the current page from within an Internet Explorer add-on and found the
> undocumented function:
>
> INTERNETAPI_(BOOL) InternetGetCertByURL(LPCWSTR lpszURL,LPWSTR
> lpszCertText,DWORD dwcbCertText);
>
> Unfortunately, the function returns always FALSE on IE6 and IE8.
Since IE6, InternetGetCertByURL is just a stub. If you step through the disassembly, it returns FALSE right away.
> Does anybody know how to get the certificate data in Internet
> Explorer?
Not easily. The only way I know of is to actually intercept all HTTP requests, e.g. by using my Passthrough APP. While the request is in progress, you can use InternetQueryOption (or IWinInetInfo::QueryOption) with INTERNET_OPTION_SECURITY_CERTIFICATE_STRUCT flag.
Or, I suppose, you could send another request to the same server in the background, and obtain the certificate this way.
--
With best wishes,
Igor Tandetnik
With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead. -- RFC 1925
Viktor Krammer
Thanks for your info.
>Or, I suppose, you could send another request to the same server in the
>background, and obtain the certificate this way.
I also had that idea just some moments ago :-)
I have played a bit with InternetQueryOption &
INTERNET_OPTION_SECURITY_CERTIFICATE_STRUCT.
The problem is that it returns the certificate subject just in a flat
string, and does not retain the name, value pairs such as O=organization
name.
Do you know how to get the raw subject info from a certificate?
Best regards,
bobster
OT, but -- still using quero with XP-SP3, IE8. Great combination!
Many thanks
======================================================
"Viktor Krammer" <support@quero_no_spam.at> wrote in message
news:eI5zkH$YKHA...@TK2MSFTNGP05.phx.gbl...
Igor Tandetnik
> I have played a bit with InternetQueryOption &
> INTERNET_OPTION_SECURITY_CERTIFICATE_STRUCT.
>
> The problem is that it returns the certificate subject just in a flat
> string, and does not retain the name, value pairs such as O=organization
> name.
>
> Do you know how to get the raw subject info from a certificate?
Not with WinInet, to the best of my knowledge. You could try with WinHttp - see in particular WINHTTP_OPTION_SERVER_CERT_CONTEXT flag for WinHttpQueryOption. This gives you CERT_CONTEXT, which you can then interrogate using CryptoAPI.
Viktor Krammer
Thanks for your suggestion, WinHttp looks promising to get to the desired
info. I will look into that.
Viktor Krammer
> OT, but -- still using quero with XP-SP3, IE8. Great combination!
thanks, exepct the next update soon ;-)