Pira.cz Technical Forum

Magic RDS 4 => Feature Requests => Topic started by: m1k6 on June 08, 2024, 03:04:12 am

Title: Bridge - HTTPS - Ignore Certificate
Post by: m1k6 on June 08, 2024, 03:04:12 am

Hello,
I noticed, Magic RDS seems to take care of HTTPS certificates - which is good in theory.
For reference, I created a bridge with the internal channel "sendhttp ...".
It looks like Magic RDS checks the validity of the certificate provided with the Windows certificate store.
In our case, our distribution provider uses a self signed certificate - It would be nice if it would be able to ignore invalid certificates, if wanted.
Best regards!

Title: Re: Bridge - HTTPS - Ignore Certificate
Post by: Jan on June 08, 2024, 08:57:58 am

The Magic RDS uses Windows API function HttpOpenRequest:

https://learn.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-httpopenrequesta#parameters

There are several parameters which may be useful

INTERNET_FLAG_IGNORE_CERT_CN_INVALID
Disables checking of SSL/PCT-based certificates that are returned from the server against the host name given in the request. WinINet functions use a simple check against certificates by comparing for matching host names and simple wildcarding rules.

INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
Disables checking of SSL/PCT-based certificates for proper validity dates.

INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
Disables detection of this special type of redirect. When this flag is used, WinINet functions transparently allow redirects from HTTPS to HTTP URLs.

INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
Disables detection of this special type of redirect. When this flag is used, WinINet functions transparently allow redirects from HTTP to HTTPS URLs.

etc.

I'll add some of them to the call.

Title: Re: Bridge - HTTPS - Ignore Certificate
Post by: Jan on June 08, 2024, 10:17:34 am

Please rewrite the exe file and let me know if that helps:

https://pira.cz/rds/magicrds/magicrds.zip

Title: Re: Bridge - HTTPS - Ignore Certificate
Post by: m1k6 on June 09, 2024, 02:51:05 am

Unfortunately, that didn't help.
Based on your information, I searched a bit and found this:
https://www.conradakunga.com/blog/disable-ssl-certificate-validation-in-net/

Maybe this could help.

Title: Re: Bridge - HTTPS - Ignore Certificate
Post by: Jan on June 09, 2024, 09:40:42 am

What makes you think that the problem is in the certificate?
Also send me the URL for checking. You may use the email.

Title: Re: Bridge - HTTPS - Ignore Certificate
Post by: Jan on June 22, 2024, 11:08:30 pm

Thank you for providing access to your server. The issue has been fixed in current version 4.1.12.

Following options are enabled in current HTTP Get implementation:

Passed to HttpOpenRequest call:
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
INTERNET_FLAG_NO_UI

Passed to InternetSetOption call:
SECURITY_FLAG_IGNORE_UNKNOWN_CA