Disabling Certificate Validation


jacobth...@gmail.com

Mar 21, 2007, 1:38:01 PM
I've asked this here before, and I've asked on the Microsoft forums
and gotten no answer, but I'll try again. WinHttp 5.1 ignores calls to
WinHttpSetOption() with the SECURITY_FLAG_IGNORE_UNKNOWN_CA and
SECURITY_FLAG_IGNORE_CERT_CN_INVALID flags. Because of this one cannot
send requests to an HTTPS server with a self-signed certificate, nor
can one use a self-signed client certificate. This is very, very
annoying during development because it's not always feasible to have a
third party sign your certs. This is a deal-killer for a good number
of legitimate uses, like sending requests to a test or development web
server that isn't going to have a signed server cert and/or whose host
and domain name doesn't match the CN on its certificate.

Disabling these checks worked gloriously under WinHttp 5.0, but 5.0 is
dead. It is inconceivable that I am the only person to face this
problem. Can anyone give me any information about how to get around
this?

Marcin Domaslawski

Mar 22, 2007, 4:26:24 AM
Hi,

Actually, I'm working with an old IIS with a self-signed certificate and WinHttp
5.1, but it works well.

I use

    DWORD dwOptions =
          SECURITY_FLAG_IGNORE_CERT_CN_INVALID
        | SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
        | SECURITY_FLAG_IGNORE_UNKNOWN_CA
        | SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE;

    (...)
    dwRetVal = WinHttpSetOption( m_hRequest, WINHTTP_OPTION_SECURITY_FLAGS,
                                 &dwOptions, sizeof (DWORD) );
    (...)


Do you get an error code? When do you get the error that your server's
certificate is incorrect?

Marcin Domaslawski

User <jacobth...@gmail.com> wrote in message
news:1174498681.8...@n59g2000hsh.googlegroups.com...

jacobth...@gmail.com

Mar 22, 2007, 9:47:19 AM

I've since realized that there isn't a problem with using self-signed
client certificates, but only with talking to a server with a cert
that doesn't pass muster. Note that I'm writing a web client here,
not a server application.

I don't get any errors until I call WinHttpSendRequest(), which will
give me an ERROR_WINHTTP_SECURE_FAILURE and what's more, will not hit
the callback function that I've registered for security-related
issues. It just fails and annoys me.
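
Added example, not part of the thread and not WinHTTP's own code: when the status callback does fire with WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, it carries a bitmask of failure reasons, and the sketch below maps that bitmask to the smallest set of the SECURITY_FLAG_IGNORE_* bits from the post above, so a development client relaxes only the checks its test certificate actually fails. The helper name `minimal_ignore_mask` is hypothetical, the constants are repeated from winhttp.h so the block compiles without the Windows SDK, and the sample input is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Values copied from winhttp.h so this compiles without the Windows SDK. */
#define WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED        0x00000001u
#define WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CERT           0x00000002u
#define WINHTTP_CALLBACK_STATUS_FLAG_CERT_REVOKED           0x00000004u
#define WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA             0x00000008u
#define WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID        0x00000010u
#define WINHTTP_CALLBACK_STATUS_FLAG_CERT_DATE_INVALID      0x00000020u
#define WINHTTP_CALLBACK_STATUS_FLAG_CERT_WRONG_USAGE       0x00000040u
#define WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR 0x80000000u
#define SECURITY_FLAG_IGNORE_UNKNOWN_CA         0x00000100u
#define SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE   0x00000200u
#define SECURITY_FLAG_IGNORE_CERT_CN_INVALID    0x00001000u
#define SECURITY_FLAG_IGNORE_CERT_DATE_INVALID  0x00002000u

/* Failure bit paired with the same-named ignore flag from the thread. */
static const struct { uint32_t failure, ignore; } PAIRS[] = {
    { WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA,        SECURITY_FLAG_IGNORE_UNKNOWN_CA },
    { WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID,   SECURITY_FLAG_IGNORE_CERT_CN_INVALID },
    { WINHTTP_CALLBACK_STATUS_FLAG_CERT_DATE_INVALID, SECURITY_FLAG_IGNORE_CERT_DATE_INVALID },
    { WINHTTP_CALLBACK_STATUS_FLAG_CERT_WRONG_USAGE,  SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE },
};

/* Hypothetical helper (not a WinHTTP API): returns the smallest ignore mask
 * for the reported failures. Bits with no matching flag above (revocation,
 * malformed cert, channel error, unknown bits) are stored in *blocking. */
uint32_t minimal_ignore_mask(uint32_t failures, uint32_t *blocking)
{
    uint32_t mask = 0, covered = 0;
    for (size_t i = 0; i < sizeof PAIRS / sizeof PAIRS[0]; i++) {
        covered |= PAIRS[i].failure;
        if (failures & PAIRS[i].failure)
            mask |= PAIRS[i].ignore;
    }
    *blocking = failures & ~covered;
    return mask;
}

int main(void)
{
    /* Constructed sample: self-signed dev cert whose CN does not match the host. */
    uint32_t failures = WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA |
                        WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID;
    uint32_t blocking, mask = minimal_ignore_mask(failures, &blocking);
    printf("ignore mask 0x%08x, blocking 0x%08x\n", (unsigned)mask, (unsigned)blocking);
    return 0;
}
```

A non-zero `blocking` value means the failure is not one that the four flags in this thread address, so setting them would not make the request succeed.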

vgin...@gmail.com

Jan 23, 2013, 1:36:19 PM
Hi,

I'm having exactly the same problem. Did you find a resolution?