Thoughts on implementation of winhttp.dll
Zac Brown
zac at zacbrown.org
Wed Jul 2 12:26:39 CDT 2008
Hans Leidekker wrote:
> On Tuesday 01 July 2008 21:42:30 Zac Brown wrote:
>
>> Does anyone have thoughts on implementing parts of winhttp in terms of
>> wininet? The primary issue that prevents entirely implementing winhttp in
>> terms of wininet is that there is no direct Win32 API for fetching an SSL
>> certificate in winhttp.
>
> Would InternetQueryOption(INTERNET_OPTION_SECURITY_CERTIFICATE) not do
> what you want? There are other problems to be solved though, filtered
> callbacks and authentication come to mind.
>
> This topic has been discussed before and I even wrote a proof of concept
> patch, all of which can be found in the list archives.
>
> -Hans
>
Hi Hans,
Actually InternetQueryOption(INTERNET_OPTION_SECURITY_CERTIFICATE{_STRUCT})
don't get the actual certificate, only information about the certificate. The
certificate would need to be in a CERT_CONTEXT structure but wininet doesn't
provide a way to get that.
Unless there's a way to get a handle to the particular certificate store that
wininet accesses and then enumerate the certificates to find the desired one,
I'll need to write an implementation of WinHttpQueryOption that can actually
fetch a certificate and produce the CERT_CONTEXT.
I've looked over your past posts a bit, including the patch you had posted to
-devel that had mappings between the wininet and winhttp flags. From the start,
I can tell that the WINHTTP_OPTION_SECURITY_CERTIFICATE_STRUCT is not equivalent
to WINHTTP_OPTION_SERVER_CERT_CONTEXT which will actually fetch a certificate.
Wininet has no equivalent to WINHTTP_OPTION_SERVER_CERT_CONTEXT.
Based on the information above, do you think its better to architect winhttp
from the ground up or to use what we can of wininet, and then add the rest
around it?
-Zac
More information about the wine-devel
mailing list