Solved

SSL client cert wininet constants

Posted on 2001-08-21
Last Modified: 2008-02-26
This is a query for info only. I have a whole MSDN library and TechNet library in front of me but I cannot find a version of wininet.h header file new enough to contain a definition of constant INTERNET_OPTION_CLIENT_CERT_CONTEXT.

Can anyone tell me the value of INTERNET_OPTION_CLIENT_CERT_CONTEXT, please? This is supposed to be an Internet Explorer 5.5+ related constant.

--

Alternatively, if this is not known or doesn't work, how would you request an (HTTPS) SSL response that requires a client certificate without any user interaction (I need to run this on a server)?

I have found a solution in article http://support.microsoft.com/support/kb/articles/q224/2/82.asp but I am not able to implement it.

- my version of wininet.h does not define INTERNET_OPTION_CLIENT_CERT_CONTEXT (I have VS6 SP5)
- I don't know how to write a WinSock application using SSPI to do SSL (if you could point me to some example or documentation on how to do this...)


Please, I really need that feeling "I'M GOOD" back again. ;)


Best regards,

Janez
Question by:jr001
19 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 100 total points
ID: 6410164
>>Can anyone tell me the value of INTERNET_OPTION_CLIENT_CERT_CONTEXT

#define INTERNET_OPTION_CLIENT_CERT_CONTEXT 84

(from: http://groups.google.com/groups?q=INTERNET_OPTION_CLIENT_CERT_CONTEXT&hl=en&safe=off&rnum=1&selm=hVSF5.9345%2446.86524%40typhoon.san.rr.com)
0
 
LVL 86

Expert Comment

by:jkr
ID: 6410893
Well, anything else you need to know?
0
 
LVL 86

Expert Comment

by:jkr
ID: 6413253
I think that you got what you were searching for:

#define INTERNET_OPTION_CLIENT_CERT_CONTEXT      84

That's from the contents of 'wininet.h' for IE5.5 - the complete code is available at http://msdn.microsoft.com/downloads/samples/internet/default.asp?url=/Downloads/samples/Internet/libraries/ie55_lib/default.asp (Just select 'wininet.h' from the combo box)
0
 

Expert Comment

by:Arvindtn
ID: 6413723
if you are looking for something simple try this ActiveX Control.

Product Name : IPWorks SSL ActiveX Version 5.0

can be downloaded from www.nsoftware.com

0
 
LVL 86

Expert Comment

by:jkr
ID: 6422975
Any problems?
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6425684
Just curious: Who is jr001 and why (how?) is he stealing this question from the somewhat-more-deserving jkr?

It looks like a useful technique.

-- Dan
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6425702
oops.  I meant to say, "That is a good link.  Very useful."

-- Dan
0
 
LVL 86

Expert Comment

by:jkr
ID: 6426687
DanRollins, please refrain from that childish sarcasm.

If you don't have to contribute something constructive to a question, keep that to yourself, especially if all you want to do is express your disdain.

This is not a kindergarten. If you feel better when insulting me, I suggest doing that by email, but not here in public.

If you have any complaints about my behaviour here, feel free to contact CS, but, again, stop being disrespectful in public. I think that is not asked for too much.
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6427142
Sorry. My bad. I misread things at first and meant to patch things up with the second comment (it was not meant as sarcasm -- I have bookmarked that link because it is hard to find).

-- Dan
0
 
LVL 4

Author Comment

by:jr001
ID: 6432064
I'm sorry for this late response. I was busy with another project and I needed to test it first.

I have installed the platform sdk (core sdk) and ie55 sdk but still I cannot make it work.

I am using the following call:

...
DWORD dwError = GetLastError ();
if (dwError == ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED)
{
  ...
  InternetSetOption(
     hInternetConnect,
     INTERNET_OPTION_CLIENT_CERT_CONTEXT,
     (void*)pCertContext,
     sizeof(CERT_CONTEXT));
  ...
  goto Retry;
  ...
}
...

where hInternetConnect is the valid handle and pCertContext is what CertFindCertificateInStore finds in system store "MY".

InternetSetOption keeps returning false and the error code (returned by GetLastError) is 12018 ERROR_INTERNET_INCORRECT_HANDLE_TYPE.

What is wrong here?

0
 
LVL 86

Expert Comment

by:jkr
ID: 6432117
Hmm, what is 'pCertContext'? How is it initialized? The docs state:

"The LPVOID(lpBuffer) parameter must be a pointer to a CERT_CONTEXT structure and not a pointer to a CERT_CONTEXT pointer. If an application receives ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED, it must call InternetErrorDlg or use InternetSetOption to supply a certificate before retrying the request. CertDuplicateCertificateContext is then called so that the certificate context passed can be independently released by the application."

Is the certificate valid?

BTW, your question was about the value of a constant...
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6432470
>>BTW, your question was about the value of a constant...

As you can easily see, providing the value of that constant did not solve the underlying problem.
-- Dan
0
 
LVL 86

Expert Comment

by:jkr
ID: 6433788
>>As you can easily see, providing the value of that
>>constant did not solve the underlying problem.

As you can see even easier, that's a different question - if somebody asks you for the time and you do so, is it under any circumstances OK if the followup is: "Oh, heck, so late? Please get your car and give me a ride..."
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6434317
If somebody says to you, "Here's $5.  Tell me, do you know what time it is?" and you grab his money as you answer,

"Yes"  

...there is very little chance that that person got his money's worth.

-- Dan
0
 
LVL 4

Author Comment

by:jr001
ID: 6436310
I have stated the whole problem at the beginning and it should have been obvious that I need that constant to solve the problem.

Btw. I have tried to answer one question once and was simply rejected because it didn't solve the specific problem, although that specific situation wasn't stated at all.

Anyway, jkr, finding this constant was too easy, wasn't it? It just reflects that it is not good to stop programming and then return to that...


Ok, let's be more serious now.

PCCERT_CONTEXT  pCertContext;
pCertContext = CertFindCertificateInStore(...);

pCertContext is valid (I check for all possible errors). PCCERT_CONTEXT is what CertDuplicateCertificateContext accepts as a parameter. Could it be that the size is incorrect? I have tried to alter it and as long as the size is in interval [1,34052] I get the same error but if it is outside this range I get an error 87: "The parameter is incorrect.".

What is your opinion?

0
 
LVL 86

Expert Comment

by:jkr
ID: 6438299
Err, just a moment - if it is an 'invalid parameter error' and your header files don't know about this flag, are you sure your runtime environment does?
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6446419
Proposed Answer rejected by moderator at the request of jkr.

Moondancer
Community Support Moderator @ Experts Exchange
0
 
LVL 4

Author Comment

by:jr001
ID: 6460013
I'll have to admit that you answered my question but I am still unhappy because it didn't solve my problem entirely.

Btw. the problem was indeed in handle - I should have used hHttpOpenRequest in place of hInternetConnect. Ugly mistake.

Best regards,

Janez
0
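
The fix the asker reports, as an added example that is not code from any post in this thread: the certificate is set on the handle returned by HttpOpenRequest and the request is resent without a dialog. The function name send_with_client_cert and the fake_* stand-ins in the non-Windows branch are assumptions, constructed so the retry logic can be exercised off Windows; 84 is the value given in the thread.

```c
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#include <wininet.h>
#ifndef INTERNET_OPTION_CLIENT_CERT_CONTEXT      /* older wininet.h, as in the thread */
#define INTERNET_OPTION_CLIENT_CERT_CONTEXT 84
#endif
#else
/* Constructed stand-in for WinINet (not the real API). It models only what the
   thread reports: 12044 until a certificate is set, 12018 on a non-request handle. */
#include <stddef.h>
typedef unsigned long DWORD;
typedef int BOOL;
typedef void *HINTERNET;
typedef struct { int unused; } CERT_CONTEXT;
typedef const CERT_CONTEXT *PCCERT_CONTEXT;
#define ERROR_INTERNET_INCORRECT_HANDLE_TYPE   12018
#define ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED 12044
#define INTERNET_OPTION_CLIENT_CERT_CONTEXT    84
static int fake_connect, fake_request, fake_cert_set;  /* addresses act as handles */
static DWORD fake_err;
static DWORD GetLastError(void) { return fake_err; }
static BOOL InternetSetOption(HINTERNET h, DWORD opt, void *buf, DWORD len) {
    (void)opt; (void)buf; (void)len;
    if (h != (HINTERNET)&fake_request) { fake_err = ERROR_INTERNET_INCORRECT_HANDLE_TYPE; return 0; }
    fake_cert_set = 1;
    return 1;
}
static BOOL HttpSendRequest(HINTERNET h, const char *hdr, DWORD hl, void *body, DWORD bl) {
    (void)h; (void)hdr; (void)hl; (void)body; (void)bl;
    if (!fake_cert_set) { fake_err = ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED; return 0; }
    return 1;
}
#endif

/* Send hRequest (the HttpOpenRequest handle). If the server demands a client
   certificate, set pCert on that same handle and resend once; 0 means success. */
DWORD send_with_client_cert(HINTERNET hRequest, PCCERT_CONTEXT pCert)
{
    DWORD err;
    if (HttpSendRequest(hRequest, NULL, 0, NULL, 0))
        return 0;
    if ((err = GetLastError()) != ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED)
        return err;
    if (!InternetSetOption(hRequest, INTERNET_OPTION_CLIENT_CERT_CONTEXT,
                           (void *)pCert, sizeof(CERT_CONTEXT)))
        return GetLastError();
    return HttpSendRequest(hRequest, NULL, 0, NULL, 0) ? 0 : GetLastError();
}
```

On Windows, pCert is the context returned by CertFindCertificateInStore, as in the thread, and the program links against wininet.lib.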
