
WinHttp: How to use a temporary certificate store?

I have a C++ application that makes an HTTPS connection to one of our servers. In my ideal world, I would like the following to occur:

1. App starts
2. App makes Windows trust the server's root CA (no GUI please, just system calls)
3. App talks to server, does its work, etc.
4. App makes Windows forget about the server's root CA
5. Done

I do NOT want this root CA to necessarily be trusted by other apps. Therefore I don't want to install the cert system-wide. I also would like it if the user did not need Admin privileges.

My initial plan was to create an in-memory (CERT_STORE_PROV_MEMORY) store, add my cert to that, then add that in-memory store to the system store using CertAddStoreToCollection.

While all the CryptoAPI function calls succeed, WinHttp does not like it.

Here is the skeleton of what I'm doing - perhaps someone knows a trick? Or perhaps this is wrong-headed in the first place?

```cpp
// Create an in-memory store and put the server's root CA in it
hMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, ...);
pCert = CertCreateCertificateContext(..., pCertBytes, ...);
CertAddCertificateContextToStore(hMemStore, pCert, ...);

// Attach the in-memory store to the system ROOT store collection
hRootStore = CertOpenSystemStore(NULL, "ROOT");
CertAddStoreToCollection(hRootStore, hMemStore, ...);

// Then later on...
WinHttpSendRequest(...);
```

A few notes:

- Everything works when I use WinHttp's SECURITY_FLAG_IGNORE_UNKNOWN_CA, so I'm fairly sure this really is the issue.
- I have already seen this SO question (https://stackoverflow.com/questions/656706/installing-root-ca-cert-via-code-on-win32) - it is close, but does not address the issue of making the cert only *temporarily* trusted, while the app runs.

Thanks!