Hans Leidekker wrote:
> On Tuesday 01 July 2008 21:42:30 Zac Brown wrote:
>> Does anyone have thoughts on implementing parts of winhttp in terms of wininet? The primary issue that prevents entirely implementing winhttp in terms of wininet is that there is no direct Win32 API for fetching an SSL certificate in winhttp.
> Would InternetQueryOption(INTERNET_OPTION_SECURITY_CERTIFICATE) not do what you want? There are other problems to be solved though, filtered callbacks and authentication come to mind.
> This topic has been discussed before and I even wrote a proof of concept patch, all of which can be found in the list archives.
> -Hans
Hi Hans,
Actually InternetQueryOption(INTERNET_OPTION_SECURITY_CERTIFICATE{_STRUCT}) doesn't get the actual certificate, only information about the certificate. The certificate would need to be in a CERT_CONTEXT structure but wininet doesn't provide a way to get that.
Unless there's a way to get a handle to the particular certificate store that wininet accesses and then enumerate the certificates to find the desired one, I'll need to write an implementation of WinHttpQueryOption that can actually fetch a certificate and produce the CERT_CONTEXT.
I've looked over your past posts a bit, including the patch you had posted to -devel that had mappings between the wininet and winhttp flags. From the start, I can tell that the WINHTTP_OPTION_SECURITY_CERTIFICATE_STRUCT is not equivalent to WINHTTP_OPTION_SERVER_CERT_CONTEXT which will actually fetch a certificate. Wininet has no equivalent to WINHTTP_OPTION_SERVER_CERT_CONTEXT.
Based on the information above, do you think it's better to architect winhttp from the ground up or to use what we can of wininet, and then add the rest around it?
-Zac