Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1572
  • Last Modified:

SSL client cert wininet constants

This is a query for info only. I have a whole MSDN library and TechNet library in front of me but I cannot find a version of wininet.h header file new enough to contain a definition of constant INTERNET_OPTION_CLIENT_CERT_CONTEXT.

Can anyone tell me the value of INTERNET_OPTION_CLIENT_CERT_CONTEXT, please. This is supposed to be a Internet Explorer 5.5+ related constant.

--

Alternatively, if this is not known or doesn't work, how would you request (HTTPS) SSL response that requires client certificate without any user interaction (I need to run this on server).

I have found a solution in article http://support.microsoft.com/support/kb/articles/q224/2/82.asp but I am not able to implement it.

- my version of wininet.h does not define INTERNET_OPTION_CLIENT_CERT_CONTEXT (I have VS6 SP5)
- I don't know how to write WinSock application using SSPI to do SSL (if you could point me to some example or documentation how to do this...)


Please, I really need that feeling "I'M GOOD" back again. ;)


Best regards,

Janez
0
jr001
Asked:
jr001
  • 8
  • 5
  • 4
  • +2
1 Solution
 
jkrCommented:
>>Can anyone tell me the value of INTERNET_OPTION_CLIENT_CERT_CONTEXT

#define INTERNET_OPTION_CLIENT_CERT_CONTEXT 84

(from: http://groups.google.com/groups?q=INTERNET_OPTION_CLIENT_CERT_CONTEXT&hl=en&safe=off&rnum=1&selm=hVSF5.9345%2446.86524%40typhoon.san.rr.com)
0
 
jkrCommented:
Well, anything else you need to know?
0
 
jkrCommented:
I think that you got what you were searching for :

#define INTERNET_OPTION_CLIENT_CERT_CONTEXT      84

That's from the contents of 'wininet.h' for IE5.5 - the complete code is available at http://msdn.microsoft.com/downloads/samples/internet/default.asp?url=/Downloads/samples/Internet/libraries/ie55_lib/default.asp (Just select 'wininet.h' from the combo box)
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
ArvindtnCommented:
if you are looking for something simple try this ActiveX Control.

Product Name : IPWorks SSL ActiveX Version 5.0

can be downloaded from www.nsoftware.com

0
 
jkrCommented:
Any problems?
0
 
DanRollinsCommented:
Just curious: Who is jr001 and why (how?) is he stealing this question from the somewhat-more-deserving jkr?

It looks like a useful technique.

-- Dan
0
 
DanRollinsCommented:
oops.  I meant to say, "That is a good link.  Very useful."

-- Dan
0
 
jkrCommented:
DanRollins, please refrain from that childish sarcasm.

If you don't have to contribute something constructive to a question, keep that for yourself, especially if all you want to do is expressing your disdain.

This is not a kindergarten. If you feel better when insulting me, I suggest doing that by email, but not here in public.

If you have any complaints about my behaviour here, feel free to contact CS, but, again, stop being disrespectful in public. I think that is not asked for too much.
0
 
DanRollinsCommented:
sorry.  Mybad.  I misread things at first and meant to patch things up with the second comment (it was not meant as sarcasm -- I have bookmarked that link because it is hard to find).

-- Dan
0
 
jr001Author Commented:
I'm sorry for this late response. I was busy with another project and I needed to test it first.

I have installed the platform sdk (core sdk) and ie55 sdk but still I cannot make it work.

I am using the following call:

...
DWORD dwError = GetLastError ();
if (dwError == ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED)
{
  ...
  InternetSetOption(
     hInternetConnect,
     INTERNET_OPTION_CLIENT_CERT_CONTEXT,
     (void*)pCertContext,
     sizeof(CERT_CONTEXT))
  )
  ...
  goto Retry;
  ...
}
...

where hInternetConnect is the valid handle and pCertContext is what CertFindCertificateInStore finds in system store "MY".

InternetSetOption keeps returning false and the error code (returned by GetLastError) is 12018 ERROR_INTERNET_INCORRECT_HANDLE_TYPE.

What is wrong here?

0
 
jkrCommented:
Hmm, what is 'pCertContext'? How is it initialized? The docs state:

"The LPVOID(lpBuffer) parameter must be a pointer to a CERT CONTEXT structure and not a pointer to a CERT CONTEXT pointer. If an application receives ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED, it must call InternetErrorDlg or use InternetSetOption to supply a certificate before retrying the request. CertDuplicateCertificateContext is then called so that the certificate context passed can be independently released by the application."

Is the certificate valid?

BTW, your question was about the value of a constant...
0
 
DanRollinsCommented:
>>BTW, your question was about the value of a constant...

As you can easily see, providing the value of that constant did not solve the underlying problem.
-- Dan
0
 
jkrCommented:
>>As you can easily see, providing the value of that
>>constant did not solve the underlying problem.

As you can see even easier, that's a different question - if somebody asks you for the time and you do so, is it under any circumstances OK if the followup is: "Oh, heck, so late? Please get your car and give me a ride..."
0
 
DanRollinsCommented:
If somebody says to you, "Here's $5.  Tell me, do you know what time it is?" and you grab his money as you answer,

"Yes"  

...there is very little chance that that person got his money's worth.

-- Dan
0
 
jr001Author Commented:
I have stated the whole problem at the beginning and it should have been obvious that I need that constant to solve the problem.

Btw. I have tried to answer one question once and was simply rejected because it didn't solve the specific problem, although that specific situation wasn't stated at all.

Anyway, jkr, finding this constant was too easy, wasn't it? I just reflects that it is not good to stop programming and then return to that...


Ok, let's be more serious now.

PCCERT_CONTEXT  pCertContext;
pCertContext = CertFindCertificateInStore(...)

pCertContext is valid (I check for all possible errors). PCCERT_CONTEXT is what CertDuplicateCertificateContext accepts as a parameter. Could it be that the size is incorrect? I have tried to alter it and as long as the size is in interval [1,34052] I get the same error but if it is outside this range I get an error 87: "The parameter is incorrect.".

What is your opinion?

0
 
jr001Author Commented:
I have stated the whole problem at the beginning and it should have been obvious that I need that constant to solve the problem.

Btw. I have tried to answer one question once and was simply rejected because it didn't solve the specific problem, although that specific situation wasn't stated at all.

Anyway, jkr, finding this constant was too easy, wasn't it? I just reflects that it is not good to stop programming and then return to that...


Ok, let's be more serious now.

PCCERT_CONTEXT  pCertContext;
pCertContext = CertFindCertificateInStore(...)

pCertContext is valid (I check for all possible errors). PCCERT_CONTEXT is what CertDuplicateCertificateContext accepts as a parameter. Could it be that the size is incorrect? I have tried to alter it and as long as the size is in interval [1,34052] I get the same error but if it is outside this range I get an error 87: "The parameter is incorrect.".

What is your opinion?

0
 
jkrCommented:
Err, just a moment - if it is an 'invalid parameter error' and your header files don't know about this flag, are you sure your runtime environment does?
0
 
MoondancerCommented:
Proposed Answer rejected by moderator at the request of jkr.

Moondancer
Community Support Moderator @ Experts Exchange
0
 
jr001Author Commented:
I'll have to admit that you answered my question but I am stil unhappy because it didn't solve my problem entirely.

Btw. the problem was indeed in handle - I should have used hHttpOpenRequest in place of hInternetConnect. Ugly mistake.

Best regards,

Janez
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 8
  • 5
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now