Hi,
I've been looking at implementing winhttp.dll.
Does anyone have thoughts on implementing parts of winhttp in terms of wininet? The primary issue that prevents entirely implementing winhttp in terms of wininet is that there is no direct Win32 API for fetching an SSL certificate in winhttp. To access these, I'd need access to functions defined in wininet/netconnection.c but aren't exported.
My current two ideas are to either: 1) Copy the networking sublayer from wininet into winhttp and build on top of that to implement winhttp. Effectively reimplementing mostly from scratch.
2) Implement most winhttp things in terms of wininet and then copying over parts that I need from wininet's network sublayer, like fetching SSL certificates and so on.
Thoughts on this are greatly appreciated, as I'd prefer to only have to write the library once.
-Zac
On Tuesday 01 July 2008 21:42:30 Zac Brown wrote:
Does anyone have thoughts on implementing parts of winhttp in terms of wininet? The primary issue that prevents entirely implementing winhttp in terms of wininet is that there is no direct Win32 API for fetching an SSL certificate in winhttp.
Would InternetQueryOption(INTERNET_OPTION_SECURITY_CERTIFICATE) not do what you want? There are other problems to be solved though, filtered callbacks and authentication come to mind.
This topic has been discussed before and I even wrote a proof of concept patch, all of which can be found in the list archives.
-Hans
Hans Leidekker wrote:
On Tuesday 01 July 2008 21:42:30 Zac Brown wrote:
Does anyone have thoughts on implementing parts of winhttp in terms of wininet? The primary issue that prevents entirely implementing winhttp in terms of wininet is that there is no direct Win32 API for fetching an SSL certificate in winhttp.
Would InternetQueryOption(INTERNET_OPTION_SECURITY_CERTIFICATE) not do what you want? There are other problems to be solved though, filtered callbacks and authentication come to mind.
This topic has been discussed before and I even wrote a proof of concept patch, all of which can be found in the list archives.
-Hans
Hi Hans,
Actually InternetQueryOption(INTERNET_OPTION_SECURITY_CERTIFICATE{_STRUCT}) don't get the actual certificate, only information about the certificate. The certificate would need to be in a CERT_CONTEXT structure but wininet doesn't provide a way to get that.
Unless there's a way to get a handle to the particular certificate store that wininet accesses and then enumerate the certificates to find the desired one, I'll need to write an implementation of WinHttpQueryOption that can actually fetch a certificate and produce the CERT_CONTEXT.
I've looked over your past posts a bit, including the patch you had posted to -devel that had mappings between the wininet and winhttp flags. From the start, I can tell that the WINHTTP_OPTION_SECURITY_CERTIFICATE_STRUCT is not equivalent to WINHTTP_OPTION_SERVER_CERT_CONTEXT which will actually fetch a certificate. Wininet has no equivalent to WINHTTP_OPTION_SERVER_CERT_CONTEXT.
Based on the information above, do you think its better to architect winhttp from the ground up or to use what we can of wininet, and then add the rest around it?
-Zac
2008/7/1 Zac Brown zac@zacbrown.org:
I've been looking at implementing winhttp.dll.
My current two ideas are to either:
- Copy the networking sublayer from wininet into winhttp and build on top of
that to implement winhttp. Effectively reimplementing mostly from scratch.
- Implement most winhttp things in terms of wininet and then copying over parts
that I need from wininet's network sublayer, like fetching SSL certificates and so on.
How about: 3) Copy the networking sublayer from wininet into winhttp and build on top of that to implement winhttp. Reimplement wininet on top of winhttp.
On Wednesday 02 July 2008 23:56:51 Rob Shearman wrote:
How about: 3) Copy the networking sublayer from wininet into winhttp and build on top of that to implement winhttp. Reimplement wininet on top of winhttp.
Drawback to this option is that you're going to destabilize wininet, but perhaps this is feasible now that we have a stable branch.
-Hans
Hans Leidekker wrote:
On Wednesday 02 July 2008 23:56:51 Rob Shearman wrote:
How about: 3) Copy the networking sublayer from wininet into winhttp and build on top of that to implement winhttp. Reimplement wininet on top of winhttp.
Drawback to this option is that you're going to destabilize wininet, but perhaps this is feasible now that we have a stable branch.
-Hans
I can see that it would be useful to do this so only one http set of functions need be updated as adjustments are made.
I'd say it would definitely be something to do well after winhttp is stabilized.
-Zac
-
Hans Leidekker -
Rob Shearman -
Zac Brown