StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>WinInet will already validate returned certificate's domain name matches the certificate and the certificate chain is trusted if you set INTERNET_FLAG_SECURE when calling HttpOpenRequest. </p> <p>Few things you can do afterwards:</p> <ol> <li><p>Use INTERNET_OPTION_SECURITY_CERTIFICATE_STRUCT's lpszIssuerInfo to compare returned domain name and certificate name match to parent certificate that is expected.</p></li> <li><p>Parse out Issuer name from lpszIssuerInfo and call to CertFindCertificateInStore to get certificate context pointer.</p></li> <li><p>Get and validate certificate chain using CertGetCertificateChain and certificate context pointer, such as comparing thumbprints of issuing certificates, but not the actual certificate itself to my knowledge.</p></li> </ol> <p>For future reference, from MSDN: "<a href="http://msdn.microsoft.com/en-us/library/aa385328(VS.85).aspx" rel="nofollow noreferrer">http://msdn.microsoft.com/en-us/library/aa385328(VS.85).aspx</a>". If IE8.0 is installed, there is a new option that exposes server's certificate chain.</p> <p>INTERNET_OPTION_SERVER_CERT_CHAIN_CONTEXT 105</p> <p>Retrieves the server’s certificate-chain context as a duplicated PCCERT_CHAIN_CONTEXT. You may pass this duplicated context to any Crypto API function which takes a PCCERT_CHAIN_CONTEXT. You must call CertFreeCertificateChain on the returned PCCERT_CHAIN_CONTEXT when you are done with the certificate-chain context.</p> <p>Version: Requires Internet Explorer 8.0.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload