Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SSL client cert wininet constants

Posted on 2001-08-21
19
Medium Priority
?
1,565 Views
Last Modified: 2008-02-26
This is a query for info only. I have a whole MSDN library and TechNet library in front of me but I cannot find a version of wininet.h header file new enough to contain a definition of constant INTERNET_OPTION_CLIENT_CERT_CONTEXT.

Can anyone tell me the value of INTERNET_OPTION_CLIENT_CERT_CONTEXT, please. This is supposed to be a Internet Explorer 5.5+ related constant.

--

Alternatively, if this is not known or doesn't work, how would you request (HTTPS) SSL response that requires client certificate without any user interaction (I need to run this on server).

I have found a solution in article http://support.microsoft.com/support/kb/articles/q224/2/82.asp but I am not able to implement it.

- my version of wininet.h does not define INTERNET_OPTION_CLIENT_CERT_CONTEXT (I have VS6 SP5)
- I don't know how to write WinSock application using SSPI to do SSL (if you could point me to some example or documentation how to do this...)


Please, I really need that feeling "I'M GOOD" back again. ;)


Best regards,

Janez
0
Comment
Question by:jr001
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 4
  • +2
19 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 300 total points
ID: 6410164
>>Can anyone tell me the value of INTERNET_OPTION_CLIENT_CERT_CONTEXT

#define INTERNET_OPTION_CLIENT_CERT_CONTEXT 84

(from: http://groups.google.com/groups?q=INTERNET_OPTION_CLIENT_CERT_CONTEXT&hl=en&safe=off&rnum=1&selm=hVSF5.9345%2446.86524%40typhoon.san.rr.com)
0
 
LVL 86

Expert Comment

by:jkr
ID: 6410893
Well, anything else you need to know?
0
 
LVL 86

Expert Comment

by:jkr
ID: 6413253
I think that you got what you were searching for :

#define INTERNET_OPTION_CLIENT_CERT_CONTEXT      84

That's from the contents of 'wininet.h' for IE5.5 - the complete code is available at http://msdn.microsoft.com/downloads/samples/internet/default.asp?url=/Downloads/samples/Internet/libraries/ie55_lib/default.asp (Just select 'wininet.h' from the combo box)
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Expert Comment

by:Arvindtn
ID: 6413723
if you are looking for something simple try this ActiveX Control.

Product Name : IPWorks SSL ActiveX Version 5.0

can be downloaded from www.nsoftware.com

0
 
LVL 86

Expert Comment

by:jkr
ID: 6422975
Any problems?
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6425684
Just curious: Who is jr001 and why (how?) is he stealing this question from the somewhat-more-deserving jkr?

It looks like a useful technique.

-- Dan
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6425702
oops.  I meant to say, "That is a good link.  Very useful."

-- Dan
0
 
LVL 86

Expert Comment

by:jkr
ID: 6426687
DanRollins, please refrain from that childish sarcasm.

If you don't have to contribute something constructive to a question, keep that for yourself, especially if all you want to do is expressing your disdain.

This is not a kindergarten. If you feel better when insulting me, I suggest doing that by email, but not here in public.

If you have any complaints about my behaviour here, feel free to contact CS, but, again, stop being disrespectful in public. I think that is not asked for too much.
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6427142
sorry.  Mybad.  I misread things at first and meant to patch things up with the second comment (it was not meant as sarcasm -- I have bookmarked that link because it is hard to find).

-- Dan
0
 
LVL 4

Author Comment

by:jr001
ID: 6432064
I'm sorry for this late response. I was busy with another project and I needed to test it first.

I have installed the platform sdk (core sdk) and ie55 sdk but still I cannot make it work.

I am using the following call:

...
DWORD dwError = GetLastError ();
if (dwError == ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED)
{
  ...
  InternetSetOption(
     hInternetConnect,
     INTERNET_OPTION_CLIENT_CERT_CONTEXT,
     (void*)pCertContext,
     sizeof(CERT_CONTEXT))
  )
  ...
  goto Retry;
  ...
}
...

where hInternetConnect is the valid handle and pCertContext is what CertFindCertificateInStore finds in system store "MY".

InternetSetOption keeps returning false and the error code (returned by GetLastError) is 12018 ERROR_INTERNET_INCORRECT_HANDLE_TYPE.

What is wrong here?

0
 
LVL 86

Expert Comment

by:jkr
ID: 6432117
Hmm, what is 'pCertContext'? How is it initialized? The docs state:

"The LPVOID(lpBuffer) parameter must be a pointer to a CERT CONTEXT structure and not a pointer to a CERT CONTEXT pointer. If an application receives ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED, it must call InternetErrorDlg or use InternetSetOption to supply a certificate before retrying the request. CertDuplicateCertificateContext is then called so that the certificate context passed can be independently released by the application."

Is the certificate valid?

BTW, your question was about the value of a constant...
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6432470
>>BTW, your question was about the value of a constant...

As you can easily see, providing the value of that constant did not solve the underlying problem.
-- Dan
0
 
LVL 86

Expert Comment

by:jkr
ID: 6433788
>>As you can easily see, providing the value of that
>>constant did not solve the underlying problem.

As you can see even easier, that's a different question - if somebody asks you for the time and you do so, is it under any circumstances OK if the followup is: "Oh, heck, so late? Please get your car and give me a ride..."
0
 
LVL 49

Expert Comment

by:DanRollins
ID: 6434317
If somebody says to you, "Here's $5.  Tell me, do you know what time it is?" and you grab his money as you answer,

"Yes"  

...there is very little chance that that person got his money's worth.

-- Dan
0
 
LVL 4

Author Comment

by:jr001
ID: 6436310
I have stated the whole problem at the beginning and it should have been obvious that I need that constant to solve the problem.

Btw. I have tried to answer one question once and was simply rejected because it didn't solve the specific problem, although that specific situation wasn't stated at all.

Anyway, jkr, finding this constant was too easy, wasn't it? I just reflects that it is not good to stop programming and then return to that...


Ok, let's be more serious now.

PCCERT_CONTEXT  pCertContext;
pCertContext = CertFindCertificateInStore(...)

pCertContext is valid (I check for all possible errors). PCCERT_CONTEXT is what CertDuplicateCertificateContext accepts as a parameter. Could it be that the size is incorrect? I have tried to alter it and as long as the size is in interval [1,34052] I get the same error but if it is outside this range I get an error 87: "The parameter is incorrect.".

What is your opinion?

0
 
LVL 4

Author Comment

by:jr001
ID: 6437106
I have stated the whole problem at the beginning and it should have been obvious that I need that constant to solve the problem.

Btw. I have tried to answer one question once and was simply rejected because it didn't solve the specific problem, although that specific situation wasn't stated at all.

Anyway, jkr, finding this constant was too easy, wasn't it? I just reflects that it is not good to stop programming and then return to that...


Ok, let's be more serious now.

PCCERT_CONTEXT  pCertContext;
pCertContext = CertFindCertificateInStore(...)

pCertContext is valid (I check for all possible errors). PCCERT_CONTEXT is what CertDuplicateCertificateContext accepts as a parameter. Could it be that the size is incorrect? I have tried to alter it and as long as the size is in interval [1,34052] I get the same error but if it is outside this range I get an error 87: "The parameter is incorrect.".

What is your opinion?

0
 
LVL 86

Expert Comment

by:jkr
ID: 6438299
Err, just a moment - if it is an 'invalid parameter error' and your header files don't know about this flag, are you sure your runtime environment does?
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6446419
Proposed Answer rejected by moderator at the request of jkr.

Moondancer
Community Support Moderator @ Experts Exchange
0
 
LVL 4

Author Comment

by:jr001
ID: 6460013
I'll have to admit that you answered my question but I am stil unhappy because it didn't solve my problem entirely.

Btw. the problem was indeed in handle - I should have used hHttpOpenRequest in place of hInternetConnect. Ugly mistake.

Best regards,

Janez
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: SunnyDark
This article's goal is to present you with an easy to use XML wrapper for C++ and also present some interesting techniques that you might use with MS C++. The reason I built this class is to ease the pain of using XML files with C++, since there is…
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
The goal of the tutorial is to teach the user how to use functions in C++. The video will cover how to define functions, how to call functions and how to create functions prototypes. Microsoft Visual C++ 2010 Express will be used as a text editor an…
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question