InternetSetOption with INTERNET_OPTION_CLIENT_CERT

Discussion:

InternetSetOption with INTERNET_OPTION_CLIENT_CERT_CONTEXT fails with error code 2

(too old to reply)

Vadym Stetsiak

2007-07-02 13:25:50 UTC

Hello, All!

My goal is to specify client certificate in HTTP request without calling
certificate select dialog via InternetErrorDialog.

I'm using InternetSetOption API with INTERNET_OPTION_CLIENT_CERT_CONTEXT.
GetLastError returns 2.

Certificate context is obtained correctly and specified in InternetSetOption

if ( InternetSetOption(hReq, INTERNET_OPTION_CLIENT_CERT_CONTEXT, (void *)
m_pContext, sizeof(CERT_CONTEXT)))
{
GetLastError();
}

I'm using WinInet under Windows Mobile 6.

--
With best regards, Vadym Stetsiak.
Blog: http://vadmyst.blogspot.com

Scherbina Vladimir

2007-07-02 20:04:31 UTC

Permalink

Hello Vadym!

Let me take a look on how do you open request?
--
Vladimir, Windows SDK MVP

Post by Vadym Stetsiak
Hello, All!
My goal is to specify client certificate in HTTP request without calling
certificate select dialog via InternetErrorDialog.
I'm using InternetSetOption API with INTERNET_OPTION_CLIENT_CERT_CONTEXT.
GetLastError returns 2.
Certificate context is obtained correctly and specified in
InternetSetOption
if ( InternetSetOption(hReq, INTERNET_OPTION_CLIENT_CERT_CONTEXT, (void *)
m_pContext, sizeof(CERT_CONTEXT)))
{
GetLastError();
}
I'm using WinInet under Windows Mobile 6.
--
With best regards, Vadym Stetsiak.
Blog: http://vadmyst.blogspot.com

Vadym Stetsiak

2007-07-03 06:53:34 UTC

Permalink

Hello, Vladimir!

Request is opened in the followfing way, nothing complex here.

if (!(hOpen = InternetOpenA (NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL,
INTERNET_INVALID_PORT_NUMBER, 0)))
{
GetLastError();
return;
}

dwFlags |= INTERNET_FLAG_SECURE |
INTERNET_FLAG_IGNORE_CERT_CN_INVALID |
SECURITY_FLAG_IGNORE_UNKNOWN_CA |
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID ;

if ( !(hConnect = InternetConnectA ( hOpen, szIP , nPort, "", "",
INTERNET_SERVICE_HTTP, 0 , 0) ) )
{
GetLastError();
return ;
}

if ( !(hReq = HttpOpenRequestA (hConnect, "GET", "", "HTTP/1.0", "",
(LPCSTR*) AcceptTypes, dwFlags ,0 )))
{
GetLastError();
return ;
}

if ( !HttpSendRequestA( hReq, NULL, 0, NULL, 0 ) )
{
dwError = GetLastError();
if ( dwError == ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED )
{
//certificate setup logic here
}
}

You wrote on Mon, 2 Jul 2007 23:04:31 +0300:

SV> Let me take a look on how do you open request?

SV> --
SV> Vladimir, Windows SDK MVP
SV> "Vadym Stetsiak" <***@gmail.com> wrote in message
SV> news:***@TK2MSFTNGP03.phx.gbl...
??>> Hello, All!
??>>
??>> My goal is to specify client certificate in HTTP request without
??>> calling certificate select dialog via InternetErrorDialog. I'm using
??>> InternetSetOption API with
??>> INTERNET_OPTION_CLIENT_CERT_CONTEXT. GetLastError returns
??>> 2. Certificate context is obtained correctly and specified in
??>> InternetSetOption if ( InternetSetOption(hReq,
??>> INTERNET_OPTION_CLIENT_CERT_CONTEXT, (void *) m_pContext,
??>> sizeof(CERT_CONTEXT))) { GetLastError(); } I'm using WinInet under
??>> Windows Mobile 6. -- With best regards, Vadym Stetsiak. Blog:
??>> http://vadmyst.blogspot.com

With best regards, Vadym Stetsiak.

Scherbina Vladimir

2007-07-03 09:57:47 UTC

Permalink

Vadym,

I think the problem is connected with the limited set of supported flags
under WM version of InternetSetOption. Take a look at
http://msdn2.microsoft.com/en-us/library/aa918735.aspx

The following list shows the options that can be set for dwOption:

* INTERNET_OPTION_CONTEXT_VALUE
* INTERNET_OPTION_CONNECT_TIMEOUT
* INTERNET_OPTION_CONNECT_RETRIES
* INTERNET_OPTION_CONNECT_BACKOFF
* INTERNET_OPTION_CONTROL_SEND_TIMEOUT
* INTERNET_OPTION_CONTROL_RECEIVE_TIMEOUT
* INTERNET_OPTION_DATA_SEND_TIMEOUT
* INTERNET_OPTION_DATA_RECEIVE_TIMEOUT
* INTERNET_OPTION_READ_BUFFER_SIZE
* INTERNET_OPTION_WRITE_BUFFER_SIZE
* INTERNET_OPTION_USERNAME
* INTERNET_OPTION_PASSWORD
* INTERNET_OPTION_PROXY
* INTERNET_OPTION_USER_AGENT
* INTERNET_OPTION_RECEIVE_TIMEOUT

There is no INTERNET_OPTION_CLIENT_CERT_CONTEXT in this list.
--
Vladimir, Windows SDK MVP

Post by Vadym Stetsiak
Hello, Vladimir!
Request is opened in the followfing way, nothing complex here.
if (!(hOpen = InternetOpenA (NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL,
INTERNET_INVALID_PORT_NUMBER, 0)))
{
GetLastError();
return;
}
dwFlags |= INTERNET_FLAG_SECURE |
INTERNET_FLAG_IGNORE_CERT_CN_INVALID |
SECURITY_FLAG_IGNORE_UNKNOWN_CA |
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID ;
if ( !(hConnect = InternetConnectA ( hOpen, szIP , nPort, "", "",
INTERNET_SERVICE_HTTP, 0 , 0) ) )
{
GetLastError();
return ;
}
if ( !(hReq = HttpOpenRequestA (hConnect, "GET", "", "HTTP/1.0", "",
(LPCSTR*) AcceptTypes, dwFlags ,0 )))
{
GetLastError();
return ;
}
if ( !HttpSendRequestA( hReq, NULL, 0, NULL, 0 ) )
{
dwError = GetLastError();
if ( dwError == ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED )
{
//certificate setup logic here
}
}
SV> Let me take a look on how do you open request?
SV> --
SV> Vladimir, Windows SDK MVP
??>> Hello, All!
??>>
??>> My goal is to specify client certificate in HTTP request without
??>> calling certificate select dialog via InternetErrorDialog. I'm using
??>> InternetSetOption API with
??>> INTERNET_OPTION_CLIENT_CERT_CONTEXT. GetLastError returns
??>> 2. Certificate context is obtained correctly and specified in
??>> InternetSetOption if ( InternetSetOption(hReq,
??>> INTERNET_OPTION_CLIENT_CERT_CONTEXT, (void *) m_pContext,
??>> sizeof(CERT_CONTEXT))) { GetLastError(); } I'm using WinInet under
??>> http://vadmyst.blogspot.com
With best regards, Vadym Stetsiak.