
Connecting to a HTTPS server with SSL using Wininet, sending client certificate and reading response

Ayhan AVCI, 2 Apr 2003
A sample class that illustrates how to connect to an HTTPS server; the class sends the desired client certificate and authenticates the user.

Introduction

I recently needed to make a Secure Sockets Layer (SSL) connection to a Visa server and send our signed client certificate in order to get our MPI application authorized. I searched many articles but could find only a few on the subject. I collected parts of the solution from different articles and MSDN, and implemented a simple class that performs this operation programmatically.

The InternetErrorDlg API serves several purposes, including sending a client certificate by showing the user a selection dialog. But in many cases the programmer needs authentication without a user interface (a dialog requires someone to click OK, which is useless if we want our program to do things automatically). Here this is done with InternetSetOption() and the INTERNET_OPTION_CLIENT_CERT_CONTEXT flag. Don’t forget that this option only works with Internet Explorer 5.01 or later (according to MSDN).

The INTERNET_OPTION_CLIENT_CERT_CONTEXT flag is not included in the default VC6.0 headers. If you have the Platform SDK installed, that’s no problem: include the wininet header from the sdk/include directory. Otherwise, you may define it manually:

#define INTERNET_OPTION_CLIENT_CERT_CONTEXT 84

That should be ok if you don’t have old wininet.dll versions.

For readers who are not familiar with wininet, SSL or certificates:

I am not going to explain what the wininet functions do and how they are used, nor will I cover certificates. These are generic subjects and plenty of information can be gathered from resources such as MSDN. I will try to answer questions if you send me an email.

Well, the flow is simple. First we connect to the HTTPS server and send an HTTPS request. If the server asks for a signed client certificate, we open the system store(s) and dig through them for the certificate context we need. Then we attach the certificate context and resend our request. If the server is satisfied, we are authenticated.

  • ConnectToHttpsServer() summarizes the flow of the connection. This is the entry point.
  • SendHttpsRequest() sends a request. After that, if the server requires a client certificate, we search for it in the system store. If we find it, InternetSetOption() attaches the context to the connection. Then we try SendHttpsRequest() again.

A sample usage of the class can be like this:

CSslConnection inetSec;
string sAgentName("My Firm"); 
string sServerName("207.219.70.31");//Can be any https server address 
string sUserName("");//if required 
string sPass("");//if required 
string sObjectName("/xxx.asp");//there should be an object to send a verb 
string sOrganizationUnitName("3-D Secure Compliance TestFacility"); 
string strVerb = "POST";//I chose POST verb. That’s usually done 

inetSec.SetAgentName(sAgentName); 

inetSec.SetCertStoreType(certStoreMY); 
         //The stores provided by the system 
         // are: MY, ROOT, SPC and CA 

inetSec.SetObjectName(sObjectName);      

inetSec.SetOrganizationName(sOrganizationUnitName); 

inetSec.SetPort(9660);//443 is the default HTTPS port 
inetSec.SetServerName(sServerName); 

inetSec.SetRequestID(0); 

if (!inetSec.ConnectToHttpsServer(strVerb)) 
{ 
    cout << inetSec.GetLastErrorString() << " Code: " 
        << inetSec.GetLastErrorCode() << endl; 
    return 0; 
} 

if (!inetSec.SendHttpsRequest()) 
{ 
    cout << inetSec.GetLastErrorString() << " Code: " 
        << inetSec.GetLastErrorCode() << endl; 
    return 0; 
} 

string response = inetSec.GetRequestResult(); 
cout << response.c_str() << endl;

The functions and variables with “organization name” in their names are only a sample. I chose the “O value of the issuer field” in the certificate as my search criterion. You may wish to search the store by different fields, because a certificate has many fields and a context search can be performed on any of them.

You may add your own functions instead of using the FindCertWithOUNITName() function. If you do that, just change the code calling this function (in only one place) and provide variables and accessors suitable for your certificate search criteria.
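The send, find, attach and resend flow described above, together with a search by the issuer's O value, could look like the following. This is an added example, not the article's CSslConnection source. SendWithClientCert and IssuerOrgMatches are hypothetical names, hRequest is assumed to come from HttpOpenRequest() with INTERNET_FLAG_SECURE, and the WinINet part compiles only on Windows.

```cpp
// Added example; function names are hypothetical, not from the article's class.
#include <cctype>
#include <string>

// Whole-value, case-insensitive comparison of a certificate's issuer O value
// with the wanted organization, so a partial-name hit is never attached.
bool IssuerOrgMatches(const std::string& issuerOrg, const std::string& wanted) {
    if (wanted.empty() || issuerOrg.size() != wanted.size()) return false;
    for (size_t i = 0; i < wanted.size(); ++i)
        if (std::tolower((unsigned char)issuerOrg[i]) !=
            std::tolower((unsigned char)wanted[i]))
            return false;
    return true;
}

#ifdef _WIN32
#include <windows.h>
#include <wininet.h>   // link with wininet.lib and crypt32.lib
#include <wincrypt.h>

// Sends hRequest. If the server demands a client certificate, attaches the
// MY-store certificate whose issuer O equals `org` and sends once more.
bool SendWithClientCert(HINTERNET hRequest, const char* org) {
    if (HttpSendRequestA(hRequest, NULL, 0, NULL, 0)) return true;
    if (GetLastError() != ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED) return false;

    HCERTSTORE hStore = CertOpenSystemStoreA(0, "MY");
    if (!hStore) return false;
    bool sent = false;
    PCCERT_CONTEXT pCert = NULL;
    // CERT_FIND_ISSUER_STR is a substring match on the whole issuer name,
    // so every hit is re-checked against the O attribute alone.
    while ((pCert = CertFindCertificateInStore(hStore, X509_ASN_ENCODING, 0,
                        CERT_FIND_ISSUER_STR_A, org, pCert)) != NULL) {
        char issuerOrg[256] = "";
        CertGetNameStringA(pCert, CERT_NAME_ATTR_TYPE, CERT_NAME_ISSUER_FLAG,
                           (void*)szOID_ORGANIZATION_NAME,
                           issuerOrg, sizeof(issuerOrg));
        if (!IssuerOrgMatches(issuerOrg, org)) continue;  // freed by next find
        sent = InternetSetOptionA(hRequest, INTERNET_OPTION_CLIENT_CERT_CONTEXT,
                                  (void*)pCert, sizeof(CERT_CONTEXT))
            && HttpSendRequestA(hRequest, NULL, 0, NULL, 0);
        CertFreeCertificateContext(pCert);  // leaving the loop: free the hit
        break;
    }
    CertCloseStore(hStore, 0);
    return sent;
}
#endif
```

Releasing the certificate context and closing the store on every path keeps repeated requests from accumulating handles.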

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.


About the Author

Ayhan AVCI
Web Developer
Turkey

Last Updated 3 Apr 2003
Article Copyright 2003 by Ayhan AVCI