Thoughts on implementation of winhttp.dll

[Zac Brown]

Hans Leidekker wrote:
> On Tuesday 01 July 2008 21:42:30 Zac Brown wrote:
> 
>> Does anyone have thoughts on implementing parts of winhttp in terms of
>> wininet? The primary issue that prevents entirely implementing winhttp in
>> terms of wininet is that there is no direct Win32 API for fetching an SSL
>> certificate in winhttp.
> 
> Would InternetQueryOption(INTERNET_OPTION_SECURITY_CERTIFICATE) not do
> what you want? There are other problems to be solved though, filtered
> callbacks and authentication come to mind.
> 
> This topic has been discussed before and I even wrote a proof of concept
> patch, all of which can be found in the list archives.
> 
>  -Hans
> 

Hi Hans,

Actually InternetQueryOption(INTERNET_OPTION_SECURITY_CERTIFICATE{_STRUCT}) 
don't get the actual certificate, only information about the certificate. The 
certificate would need to be in a CERT_CONTEXT structure but wininet doesn't 
provide a way to get that.

Unless there's a way to get a handle to the particular certificate store that 
wininet accesses and then enumerate the certificates to find the desired one, 
I'll need to write an implementation of WinHttpQueryOption that can actually 
fetch a certificate and produce the CERT_CONTEXT.

I've looked over your past posts a bit, including the patch you had posted to 
-devel that had mappings between the wininet and winhttp flags. From the start, 
I can tell that the WINHTTP_OPTION_SECURITY_CERTIFICATE_STRUCT is not equivalent 
to WINHTTP_OPTION_SERVER_CERT_CONTEXT which will actually fetch a certificate. 
Wininet has no equivalent to WINHTTP_OPTION_SERVER_CERT_CONTEXT.

Based on the information above, do you think its better to architect winhttp 
from the ground up or to use what we can of wininet, and then add the rest 
around it?


-Zac