Pages: [1]

Author Topic: Bridge - HTTPS - Ignore Certificate  (Read 619 times)

m1k6

  • Newbie
  • *
  • Posts: 12
  • Hello!
Bridge - HTTPS - Ignore Certificate
« on: June 08, 2024, 03:04:12 am »
Hello,
I noticed, Magic RDS seems to take care of HTTPS certificates - which is good in theory.
For reference, I created a bridge with the internal channel "sendhttp ...".
It looks like Magic RDS checks the validity of the certificate provided with the Windows certificate store.
In our case, our distribution provider uses a self signed certificate - It would be nice if it would be able to ignore invalid certificates, if wanted.
Best regards!
Logged

Jan

  • Hero Member
  • *****
  • Posts: 1092
Re: Bridge - HTTPS - Ignore Certificate
« Reply #1 on: June 08, 2024, 08:57:58 am »
The Magic RDS uses Windows API function HttpOpenRequest:

https://learn.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-httpopenrequesta#parameters

There are several parameters which may be useful

INTERNET_FLAG_IGNORE_CERT_CN_INVALID
Disables checking of SSL/PCT-based certificates that are returned from the server against the host name given in the request. WinINet functions use a simple check against certificates by comparing for matching host names and simple wildcarding rules.

INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
Disables checking of SSL/PCT-based certificates for proper validity dates.

INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
Disables detection of this special type of redirect. When this flag is used, WinINet functions transparently allow redirects from HTTPS to HTTP URLs.

INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
Disables detection of this special type of redirect. When this flag is used, WinINet functions transparently allow redirects from HTTP to HTTPS URLs.

etc.

I'll add some of them to the call.
Logged

Jan

  • Hero Member
  • *****
  • Posts: 1092
Re: Bridge - HTTPS - Ignore Certificate
« Reply #2 on: June 08, 2024, 10:17:34 am »
Please rewrite the exe file and let me know if that helps:

https://pira.cz/rds/magicrds/magicrds.zip
Logged

m1k6

  • Newbie
  • *
  • Posts: 12
  • Hello!
Re: Bridge - HTTPS - Ignore Certificate
« Reply #3 on: June 09, 2024, 02:51:05 am »
Unfortunately, that didn't help.
Based on your information, I searched a bit and found this:
https://www.conradakunga.com/blog/disable-ssl-certificate-validation-in-net/

Maybe this could help.
Logged

Jan

  • Hero Member
  • *****
  • Posts: 1092
Re: Bridge - HTTPS - Ignore Certificate
« Reply #4 on: June 09, 2024, 09:40:42 am »
What makes you think that the problem is in the certificate?
Also send me the URL for checking. You may use the email.
Logged

Jan

  • Hero Member
  • *****
  • Posts: 1092
Re: Bridge - HTTPS - Ignore Certificate
« Reply #5 on: June 22, 2024, 11:08:30 pm »
Thank you for providing access to your server. The issue has been fixed in current version 4.1.12.

Following options are enabled in current HTTP Get implementation:

Passed to HttpOpenRequest call:
INTERNET_FLAG_IGNORE_CERT_CN_INVALID
INTERNET_FLAG_IGNORE_CERT_DATE_INVALID
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS
INTERNET_FLAG_NO_UI

Passed to InternetSetOption call:
SECURITY_FLAG_IGNORE_UNKNOWN_CA
Logged
Pages: [1]
 

+ Quick Reply