I use a third party tool by the name of DwinsHs for Inno Setup.
This third party tool provides me the capability for downloading files as part of the installation.
I want to send an HTTPS request using the function DwinsHs_ReadRemoteURL.
I want the request to ignore all TLS (SSL) certificate errors but I can't find a way.
This third party tool is Open Source and this function is defined in dwinshs.iss, which you get by downloading the third party tool.
How can I ignore all SSL certificate errors in an HTTPS request using DwinsHs_ReadRemoteURL in the third party tool DwinsHs?
The dwinshs.iss uses the WinInet API. With this API, to ignore the unknown CA error, you have to call the InternetSetOption function.
That's somewhat complicated as it takes a pointer to integer with the security flags as its argument. Inno Setup does not support pointers to integers. But it supports pointers to structures (as you have commented). So you can wrap the integer to a structure.
You need to declare an alternative name for the InternetSetOption that takes the structure instead of the string (again as the Inno Setup does not support generic pointers, otherwise single declaration would suffice).
const
INTERNET_OPTION_SECURITY_FLAGS = 31;
SECURITY_FLAG_IGNORE_UNKNOWN_CA = $00000100;
type
TInteger = record
Value: Integer;
end;
function InternetSetOptionInt(
hInet: HINTERNET; dwOption: DWORD; var lpBuffer: TInteger; dwBufferLength: DWORD): BOOL;
external 'InternetSetOptionA@wininet.dll stdcall delayload setuponly';
And use it like:
SecurityFlags.Value := SECURITY_FLAG_IGNORE_UNKNOWN_CA;
InternetSetOptionInt(
hRequest, INTERNET_OPTION_SECURITY_FLAGS, SecurityFlags, SizeOf(SecurityFlags))
(after the hRequest is assigned in dwinshs.iss).
Or use a plain HTTP instead. HTTPS set to ignore certificate errors is not secure anyway.
Or use a different library to download the files.
The Inno Download Plugin can ignore all certificate errors with:
idpSetOption('InvalidCert', 'ignore');