how to Ignore certificate in HttpPOST request in WINAPI

Question

I have a VC++ HttpPOST method which works fine for both 80 and 443 port. (on popular websites like google.com)

Now when I connect to a secured host(172.17.9.93) havi

Answer 1

HttpOpenRequest work only with flags form INTERNET_FLAG_* - pass flag SECURITY_FLAG_IGNORE_UNKNOWN_CA to HttpOpenRequest this is error.

look for numeric values:

#define SECURITY_FLAG_IGNORE_UNKNOWN_CA         0x00000100

#define INTERNET_FLAG_PRAGMA_NOCACHE    0x00000100  // asking wininet to add "pragma: no-cache"

so if you try pass SECURITY_FLAG_IGNORE_UNKNOWN_CA to HttpOpenRequest you really pass INTERNET_FLAG_PRAGMA_NOCACHE flag

SECURITY_FLAG_IGNORE_UNKNOWN_CA is designed to use in InternetSetOption function with INTERNET_OPTION_SECURITY_FLAGS

so you need this code use:

DWORD dwFlags;
DWORD dwBuffLen = sizeof(dwFlags);

if (InternetQueryOption (hRequest, INTERNET_OPTION_SECURITY_FLAGS, &dwFlags, &dwBuffLen))
{
    dwFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;
    InternetSetOption (hRequest, INTERNET_OPTION_SECURITY_FLAGS, &dwFlags, sizeof (dwFlags));
}

also read How To Handle Invalid Certificate Authority Error with WinInet - Method 2. Without a UI: is exactly your case