
I'm trying to communicate in https with a server using WinInet (from the Win32 API).

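Here is some very minimal code:

```cpp
#include <windows.h>
#include <wininet.h>   // link with wininet.lib
#include <iostream>
using namespace std;

int main() {
    // Session -> connection on port 443 -> GET request with TLS enabled
    HINTERNET ses = InternetOpenA("test",INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0) ;
    HINTERNET con = InternetConnectA(ses,"stackoverflow.com",INTERNET_DEFAULT_HTTPS_PORT,NULL,NULL,INTERNET_SERVICE_HTTP,0,0) ;
    HINTERNET req = HttpOpenRequestA(con,"GET",NULL,NULL,NULL,NULL,INTERNET_FLAG_SECURE,0) ;
    HttpSendRequestA(req,NULL,0,NULL,0) ;
    DWORD read = 0 ;   // stays 0 if the read fails, so str[read] is always in bounds
    char  str[3000] ;
    InternetReadFile(req,reinterpret_cast<void*>(str),sizeof(str)-1,&read);
    str[read] = 0 ;
    cout << &str[0] << endl ;
    InternetCloseHandle(req) ; InternetCloseHandle(con) ; InternetCloseHandle(ses) ;
}
```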

As long as I communicate with a "classic" https server, like stackoverflow.com, everything goes well. The problem is when I try to communicate with a server that requests an authentication of the client.

I have 3 .pem files: a certificate and a private key for my client, and a root certificate that authenticates my client certificate (i.e. a certificate chain of length 2).

For information, I can connect to my server using this cURL command line:

```
curl https://my.server --cert Client_cert.pem --key Client_key.pem --cacert Root_cert.pem
```

This is the proof that it's possible!

Reading the WinInet documentation, I found a page named "Handling Authentication", but it's all about username:password, and there's nothing about certificates.

I found out that I have to use the Crypt32 library: I create a certificate context with `CertCreateCertificateContext` (using binary data from client_cert.pem) and then pass it using `InternetSetOptionA`. But then, `HttpSendRequestA` fails with error 12157...

I must admit that I would be glad to find a good tutorial or some code sample! By the way, I don't have a clue about how to insert my private key into that stuff...

Thanks in advance!

Captain'Flam
  • It sounds like you're trying to communicate with a webserver requiring mutual authentication via a client provided certificate. Does that sound like what you're trying to do? – Daisetsu Mar 25 '19 at 17:51
  • Looks like a programming issue, not a security issue. Our friends at StackOverflow are better suited to answer it. I am voting to move it there. – ThoriumBR Mar 25 '19 at 19:06
  • Possible duplicate of [Client authentication (certificat + private key) using WinInet](https://stackoverflow.com/questions/55297953/client-authentication-certificat-private-key-using-wininet) – yachoor Mar 25 '19 at 23:03
  • Yes, it is a full duplicate of that previous question! Sorry about that: I re-posted it on _security.stackexchange.com_ because it seemed to be more security oriented. But in the end, my question was too much about programming for them. So it was moved back here... However, I updated it a little during the operation. – Captain'Flam Mar 26 '19 at 08:51
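
An added example, not part of the original question or its comments: `CertCreateCertificateContext` takes the DER-encoded certificate, while a .pem file holds that DER as base64 between BEGIN/END lines, so the file content has to be decoded first. The portable decoder below shows that step; `pem_to_der` and `kSamplePem` are hypothetical names, and the sample block is constructed (it is not a real certificate).

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Decode the first PEM block with the given label (e.g. "CERTIFICATE") to raw DER bytes.
// Returns an empty vector if the block is missing or the base64 body is malformed.
std::vector<std::uint8_t> pem_to_der(const std::string& pem, const std::string& label)
{
    const std::string begin = "-----BEGIN " + label + "-----";
    const std::string end   = "-----END " + label + "-----";
    const std::size_t b = pem.find(begin);
    if (b == std::string::npos) return {};
    const std::size_t body = b + begin.size();
    const std::size_t e = pem.find(end, body);
    if (e == std::string::npos) return {};

    static const std::string alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::vector<std::uint8_t> der;
    std::uint32_t acc = 0;   // bit accumulator; only its low bits are ever used
    int bits = 0;            // number of not-yet-emitted bits in acc
    bool padded = false;
    for (std::size_t i = body; i < e; ++i) {
        const char c = pem[i];
        if (c == '\r' || c == '\n' || c == ' ' || c == '\t') continue; // line wrapping
        if (c == '=') { padded = true; continue; }
        const std::size_t v = alphabet.find(c);
        if (v == std::string::npos || padded) return {};   // junk, or data after padding
        acc = (acc << 6) | static_cast<std::uint32_t>(v);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            der.push_back(static_cast<std::uint8_t>((acc >> bits) & 0xFF));
        }
    }
    // A DER certificate is an ASN.1 SEQUENCE, so its first byte must be 0x30.
    if (der.empty() || der[0] != 0x30) return {};
    return der;
}

// Constructed sample: not a real certificate, just DER for SEQUENCE { INTEGER 5 }.
const std::string kSamplePem =
    "-----BEGIN CERTIFICATE-----\n"
    "MAMCAQU=\n"
    "-----END CERTIFICATE-----\n";
```

On Windows, `CryptStringToBinaryA` with `CRYPT_STRING_BASE64HEADER` performs the same conversion. The resulting bytes describe the certificate only; the private key from Client_key.pem is not part of them.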

0 Answers