Solved

SSL client cert wininet constants

Posted on 2001-08-21
19
1,529 Views
Last Modified: 2008-02-26
This is a query for info only. I have a whole MSDN library and TechNet library in front of me but I cannot find a version of wininet.h header file new enough to contain a definition of constant INTERNET_OPTION_CLIENT_CERT_CONTEXT.

Can anyone tell me the value of INTERNET_OPTION_CLIENT_CERT_CONTEXT, please. This is supposed to be a Internet Explorer 5.5+ related constant.

--

Alternatively, if this is not known or doesn't work, how would you request (HTTPS) SSL response that requires client certificate without any user interaction (I need to run this on server).

I have found a solution in article http://support.microsoft.com/support/kb/articles/q224/2/82.asp but I am not able to implement it.

- my version of wininet.h does not define INTERNET_OPTION_CLIENT_CERT_CONTEXT (I have VS6 SP5)
- I don't know how to write WinSock application using SSPI to do SSL (if you could point me to some example or documentation how to do this...)


Please, I really need that feeling "I'M GOOD" back again. ;)


Best regards,

Janez
0
Comment
Question by:jr001
  • 8
  • 5
  • 4
  • +2
19 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 100 total points
ID: 6410164
>>Can anyone tell me the value of INTERNET_OPTION_CLIENT_CERT_CONTEXT

#define INTERNET_OPTION_CLIENT_CERT_CONTEXT 84

(from: http://groups.google.com/groups?q=INTERNET_OPTION_CLIENT_CERT_CONTEXT&hl=en&safe=off&rnum=1&selm=hVSF5.9345%2446.86524%40typhoon.san.rr.com)
0
 
LVL 86

Expert Comment

by:jkr
ID: 6410893
Well, anything else you need to know?
0
 
LVL 86

Expert Comment

by:jkr
ID: 6413253
I think that you got what you were searching for :

#define INTERNET_OPTION_CLIENT_CERT_CONTEXT      84

That's from the contents of 'wininet.h' for IE5.5 - the complete code is available at http://msdn.microsoft.com/downloads/samples/internet/default.asp?url=/Downloads/samples/Internet/libraries/ie55_lib/default.asp (Just select 'wininet.h' from the combo box)
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Expert Comment

by:Arvindtn
ID: 6413723
if you are looking for something simple try this ActiveX Control.

Product Name : IPWorks SSL ActiveX Version 5.0

can be downloaded from www.nsoftware.com

0
 
LVL 86

Expert Comment

by:jkr
ID: 6422975
Any problems?
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6425684
Just curious: Who is jr001 and why (how?) is he stealing this question from the somewhat-more-deserving jkr?

It looks like a useful technique.

-- Dan
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6425702
oops.  I meant to say, "That is a good link.  Very useful."

-- Dan
0
 
LVL 86

Expert Comment

by:jkr
ID: 6426687
DanRollins, please refrain from that childish sarcasm.

If you don't have to contribute something constructive to a question, keep that for yourself, especially if all you want to do is expressing your disdain.

This is not a kindergarten. If you feel better when insulting me, I suggest doing that by email, but not here in public.

If you have any complaints about my behaviour here, feel free to contact CS, but, again, stop being disrespectful in public. I think that is not asked for too much.
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6427142
sorry.  Mybad.  I misread things at first and meant to patch things up with the second comment (it was not meant as sarcasm -- I have bookmarked that link because it is hard to find).

-- Dan
0
 
LVL 4

Author Comment

by:jr001
ID: 6432064
I'm sorry for this late response. I was busy with another project and I needed to test it first.

I have installed the platform sdk (core sdk) and ie55 sdk but still I cannot make it work.

I am using the following call:

...
DWORD dwError = GetLastError ();
if (dwError == ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED)
{
  ...
  InternetSetOption(
     hInternetConnect,
     INTERNET_OPTION_CLIENT_CERT_CONTEXT,
     (void*)pCertContext,
     sizeof(CERT_CONTEXT))
  )
  ...
  goto Retry;
  ...
}
...

where hInternetConnect is the valid handle and pCertContext is what CertFindCertificateInStore finds in system store "MY".

InternetSetOption keeps returning false and the error code (returned by GetLastError) is 12018 ERROR_INTERNET_INCORRECT_HANDLE_TYPE.

What is wrong here?

0
 
LVL 86

Expert Comment

by:jkr
ID: 6432117
Hmm, what is 'pCertContext'? How is it initialized? The docs state:

"The LPVOID(lpBuffer) parameter must be a pointer to a CERT CONTEXT structure and not a pointer to a CERT CONTEXT pointer. If an application receives ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED, it must call InternetErrorDlg or use InternetSetOption to supply a certificate before retrying the request. CertDuplicateCertificateContext is then called so that the certificate context passed can be independently released by the application."

Is the certificate valid?

BTW, your question was about the value of a constant...
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6432470
>>BTW, your question was about the value of a constant...

As you can easily see, providing the value of that constant did not solve the underlying problem.
-- Dan
0
 
LVL 86

Expert Comment

by:jkr
ID: 6433788
>>As you can easily see, providing the value of that
>>constant did not solve the underlying problem.

As you can see even easier, that's a different question - if somebody asks you for the time and you do so, is it under any circumstances OK if the followup is: "Oh, heck, so late? Please get your car and give me a ride..."
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6434317
If somebody says to you, "Here's $5.  Tell me, do you know what time it is?" and you grab his money as you answer,

"Yes"  

...there is very little chance that that person got his money's worth.

-- Dan
0
 
LVL 4

Author Comment

by:jr001
ID: 6436310
I have stated the whole problem at the beginning and it should have been obvious that I need that constant to solve the problem.

Btw. I have tried to answer one question once and was simply rejected because it didn't solve the specific problem, although that specific situation wasn't stated at all.

Anyway, jkr, finding this constant was too easy, wasn't it? I just reflects that it is not good to stop programming and then return to that...


Ok, let's be more serious now.

PCCERT_CONTEXT  pCertContext;
pCertContext = CertFindCertificateInStore(...)

pCertContext is valid (I check for all possible errors). PCCERT_CONTEXT is what CertDuplicateCertificateContext accepts as a parameter. Could it be that the size is incorrect? I have tried to alter it and as long as the size is in interval [1,34052] I get the same error but if it is outside this range I get an error 87: "The parameter is incorrect.".

What is your opinion?

0
 
LVL 4

Author Comment

by:jr001
ID: 6437106
I have stated the whole problem at the beginning and it should have been obvious that I need that constant to solve the problem.

Btw. I have tried to answer one question once and was simply rejected because it didn't solve the specific problem, although that specific situation wasn't stated at all.

Anyway, jkr, finding this constant was too easy, wasn't it? I just reflects that it is not good to stop programming and then return to that...


Ok, let's be more serious now.

PCCERT_CONTEXT  pCertContext;
pCertContext = CertFindCertificateInStore(...)

pCertContext is valid (I check for all possible errors). PCCERT_CONTEXT is what CertDuplicateCertificateContext accepts as a parameter. Could it be that the size is incorrect? I have tried to alter it and as long as the size is in interval [1,34052] I get the same error but if it is outside this range I get an error 87: "The parameter is incorrect.".

What is your opinion?

0
 
LVL 86

Expert Comment

by:jkr
ID: 6438299
Err, just a moment - if it is an 'invalid parameter error' and your header files don't know about this flag, are you sure your runtime environment does?
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6446419
Proposed Answer rejected by moderator at the request of jkr.

Moondancer
Community Support Moderator @ Experts Exchange
0
 
LVL 4

Author Comment

by:jr001
ID: 6460013
I'll have to admit that you answered my question but I am stil unhappy because it didn't solve my problem entirely.

Btw. the problem was indeed in handle - I should have used hHttpOpenRequest in place of hInternetConnect. Ugly mistake.

Best regards,

Janez
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Errors will happen. It is a fact of life for the programmer. How and when errors are detected have a great impact on quality and cost of a product. It is better to detect errors at compile time, when possible and practical. Errors that make their wa…
Introduction This article is a continuation of the C/C++ Visual Studio Express debugger series. Part 1 provided a quick start guide in using the debugger. Part 2 focused on additional topics in breakpoints. As your assignments become a little more …
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question