[Remops] Oops! Small problem!

Tom Ritter tom at ritter.vg
Tue Oct 28 01:59:35 GMT 2014


On 27 October 2014 20:31,  <richard at quicksilvermail.net> wrote:
> My goal is to find a way to get windows to ignore the cert security
> problem and get the page anyway.

I don't know everything about the APIs you are able to use or not, but
perhaps WinHttpOpenRequest[0] preceded by a call to
WinHttpSetOption(WINHTTP_OPTION_SECURITY_FLAGS,
SECURITY_FLAG_IGNORE_UNKNOWN_CA) [1].

And then followed by a call to
WinHttpQueryOption(WINHTTP_OPTION_SECURITY_CERTIFICATE_STRUCT) as in
[3] - to not ignore the certificate entirely, but require it to be the
expected self-signed cert.  This pins the certificate and does not
allow anyone to man in the middle the pinger download to e.g. provide
false keys to decrypt the message as it is sent.

-tom

[0] http://msdn.microsoft.com/en-us/library/windows/desktop/aa384099(v=vs.85).aspx
[1] http://msdn.microsoft.com/en-us/library/windows/desktop/aa384114(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa384066(v=vs.85).aspx
[2] http://msdn.microsoft.com/en-us/library/windows/desktop/aa384103(v=vs.85).aspx
[3] https://social.msdn.microsoft.com/Forums/vstudio/en-US/ea97b57f-972a-44b9-8bb0-ccff7e895cf6/winhttp-server-certificate-validation?forum=windowssdk
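
An added example, not part of the original message or of any Remops code: one way to relax only the unknown-CA check and then require the exact expected self-signed certificate. The names `cert_matches_pin` and `open_pinned_request` are hypothetical, the pinned DER bytes are assumed to ship with the client, and `WINHTTP_OPTION_SERVER_CERT_CONTEXT` is used in place of the certificate-struct option named above so that the whole encoded certificate can be compared. The WinHTTP part compiles only on Windows.

```c
#include <stddef.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <winhttp.h>   /* link with winhttp.lib and crypt32.lib */
#endif

/* Pin check: the presented DER encoding must equal the pinned one exactly. */
int cert_matches_pin(const unsigned char *der, size_t der_len,
                     const unsigned char *pin, size_t pin_len)
{
    if (der == NULL || pin == NULL || pin_len == 0 || der_len != pin_len)
        return 0;
    return memcmp(der, pin, pin_len) == 0;
}

#ifdef _WIN32
/* Opens and sends a GET on hConnect (from WinHttpConnect). Returns the request
 * handle only if the server certificate equals the pin; the request line has
 * gone out by then, but no response is read from an unpinned server. */
HINTERNET open_pinned_request(HINTERNET hConnect, const wchar_t *path,
                              const unsigned char *pin, size_t pin_len)
{
    DWORD flags = SECURITY_FLAG_IGNORE_UNKNOWN_CA;
    PCCERT_CONTEXT cert = NULL;
    DWORD size = sizeof(cert);
    int ok = 0;
    HINTERNET hReq = WinHttpOpenRequest(hConnect, L"GET", path, NULL,
        WINHTTP_NO_REFERER, WINHTTP_DEFAULT_ACCEPT_TYPES, WINHTTP_FLAG_SECURE);

    if (hReq == NULL)
        return NULL;
    /* Relax only the unknown-CA check, and only on this request handle. */
    if (WinHttpSetOption(hReq, WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags))
        && WinHttpSendRequest(hReq, WINHTTP_NO_ADDITIONAL_HEADERS, 0,
                              WINHTTP_NO_REQUEST_DATA, 0, 0, 0)
        && WinHttpQueryOption(hReq, WINHTTP_OPTION_SERVER_CERT_CONTEXT, &cert, &size)
        && cert != NULL) {
        ok = cert_matches_pin(cert->pbCertEncoded, cert->cbCertEncoded, pin, pin_len);
        CertFreeCertificateContext(cert);
    }
    if (!ok) {               /* fail closed: pin mismatch or any API failure */
        WinHttpCloseHandle(hReq);
        return NULL;
    }
    return hReq;             /* caller continues with WinHttpReceiveResponse */
}
#endif
```

On success the caller goes on to WinHttpReceiveResponse and WinHttpReadData, then closes the handle.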

