[Remops] Oops! Small problem!

richard at quicksilvermail.net richard at quicksilvermail.net
Tue Oct 28 22:33:56 GMT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 27 Oct 2014 20:59:35 -0500, you wrote:
>
> On 27 October 2014 20:31,  <richard at quicksilvermail.net> wrote:
> > My goal is to find a way to get windows to ignore the cert security
> > problem and get the page anyway.
>
> I don't know everything about the APIs you are able to use or not, but
> perhaps WinHttpOpenRequest[0] preceded by a call to
> WinHttpSetOption(WINHTTP_OPTION_SECURITY_FLAGS,
> SECURITY_FLAG_IGNORE_UNKNOWN_CA) [1].
>
> And then followed by a call to
> WinHttpQueryOption(WINHTTP_OPTION_SECURITY_CERTIFICATE_STRUCT) as in
> [3] - to not ignore the certificate entirely, but require it to be the
> expected self-signed cert.  This pins the certificate and does not
> allow anyone to man in the middle the pinger download to e.g. provide
> false keys to decrypt the message as it is sent.
>
> -tom
>
> [0] http://msdn.microsoft.com/en-us/library/windows/desktop/aa384099(v=vs.85).aspx
> [1] http://msdn.microsoft.com/en-us/library/windows/desktop/aa384114(v=vs.85).aspx
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa384066(v=vs.85).aspx
> [2] http://msdn.microsoft.com/en-us/library/windows/desktop/aa384103(v=vs.85).aspx
> [3] https://social.msdn.microsoft.com/Forums/vstudio/en-US/ea97b57f-972a-44b9-8bb0-ccff7e895cf6/winhttp-server-certificate-validation?forum=windowssdk

Hi Tom,

Thanks so much. This looks like valuable info, I'll keep it handy.

Unfortunately, mixmaster doesn't handle the download using that API. It
simply calls URLDownloadToFile. That handles the whole job, and I'm not
enthused by replacing that function. What you're suggesting looks
significantly more complex and this isn't a mixmaster test release.

On the other hand, URLDownloadToFile has an optional callback function
that I can provide. I see (in the callback) there are a couple options
relating to security. I'm going to see what I can do with this. If that
doesn't pan out, I don't expect to pursue it further.

Sorry to all for the slow progress. Family obligations require most of
my time these days.

Thanks again,

Richard

-----BEGIN PGP SIGNATURE-----
Version: N/A
-----END PGP SIGNATURE-----
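
The pinning idea from the quoted suggestion (accept a certificate from an unknown CA, but only when it is the expected self-signed one), shown as an added example in Python rather than WinHTTP. It is not code from this thread or from mixmaster; the function names, the SHA-256 fingerprint pin format and the sample bytes are assumptions.

```python
import hashlib
import hmac
import socket
import ssl

def normalize_fingerprint(text):
    """Accept 'AA:BB:...' or 'aabb...' and return 64 lowercase hex digits."""
    hexed = text.replace(":", "").replace(" ", "").lower()
    if len(hexed) != 64 or any(c not in "0123456789abcdef" for c in hexed):
        raise ValueError("pin must be a SHA-256 fingerprint (64 hex digits)")
    return hexed

def cert_matches_pin(der_cert, pinned_sha256):
    """True only if the DER certificate hashes to the pinned SHA-256 value."""
    if not der_cert:
        return False  # no certificate presented: never a match
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize_fingerprint(pinned_sha256))

def fetch_pinned(host, path, pinned_sha256, port=443, timeout=10):
    """GET https://host/path, trusting only the pinned certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # CA and name checks are off ...
    ctx.verify_mode = ssl.CERT_NONE  # ... the pin check below replaces them
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not cert_matches_pin(der, pinned_sha256):
                raise ssl.SSLError("server certificate does not match the pin")
            # Nothing is sent until the pin check has passed.
            req = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            tls.sendall(req.encode("ascii"))
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return b"".join(chunks)

if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate.
    sample_der = b"constructed stand-in for the pinger's DER certificate"
    pin = hashlib.sha256(sample_der).hexdigest()
    print(cert_matches_pin(sample_der, pin))         # expected cert
    print(cert_matches_pin(sample_der + b"x", pin))  # substituted cert
```

Disabling chain validation without the fingerprint comparison would accept any certificate, so the two steps only make sense together.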

