winapiwinhttp

How to ignore invalid certificates with IWinHttpRequest?


i am using Microsoft's WinHttpRequest COM object to request a web-page with an invalid certificate:

IWinHttpRequest http = new WinHttpRequest();
http.Open("GET", url, false);
http.Send(null);

Except that the call to Send throws an exception:

0x80072F0D - The certificate authority is invalid or incorrect

How do i tell WinHttpRequest that i don't care, and i want it to retrieve the page i asked for?


Solution

  • The solution is to ignore four kinds of SSL errors:

    //Code is released into the public domain. No attribution required. 
    IWinHttpRequest http = new WinHttpRequest();
    http.Open("GET", url, false);
    
    //ignore any TLS errors 
    option = http.Option[WinHttpRequestOption_SslErrorIgnoreFlags];
    options = options | SslErrorFlag_Ignore_All;
    http.Option[WinHttpRequestOption_SslErrorIgnoreFlags] = option; 
    
        //SslErrorFlag_Ignore_All                                  0x3300
        //Unknown certification authority (CA) or untrusted root   0x0100
        //Wrong usage                                              0x0200
        //Invalid common name (CN)                                 0x1000
        //Invalid date or certificate expired                      0x2000
    
    http.Send(null);