cert: disable security flags when WinHttpSetOption is WINHTTP_OPTION_CLIENT_CERT_CONTEXT
parent
a65b996080
commit
42138b7a7d
@ -244,16 +244,30 @@ WINHTTPAPI BOOL hook_WinHttpSetOption(
|
|||||||
if (dwOption == WINHTTP_OPTION_CLIENT_CERT_CONTEXT) {
|
if (dwOption == WINHTTP_OPTION_CLIENT_CERT_CONTEXT) {
|
||||||
// This is U G L Y and will fail on servers that actually check the client cert.
|
// This is U G L Y and will fail on servers that actually check the client cert.
|
||||||
dprintf("Cert: Block WINHTTP_OPTION_CLIENT_CERT_CONTEXT\n");
|
dprintf("Cert: Block WINHTTP_OPTION_CLIENT_CERT_CONTEXT\n");
|
||||||
return true;
|
|
||||||
}
|
|
||||||
else if (dwOption == WINHTTP_OPTION_SECURITY_FLAGS) {
|
|
||||||
dprintf("Cert: Add all security ignore flags\n");
|
|
||||||
int value = SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_CERT_DATE_INVALID | SECURITY_FLAG_IGNORE_CERT_CN_INVALID; // the kitchen sink
|
|
||||||
WINHTTP_STATUS_CALLBACK cb_check = WinHttpSetStatusCallback(hInternet, (WINHTTP_STATUS_CALLBACK)ca_error_cb, WINHTTP_CALLBACK_FLAG_SECURE_FAILURE, 0);
|
WINHTTP_STATUS_CALLBACK cb_check = WinHttpSetStatusCallback(hInternet, (WINHTTP_STATUS_CALLBACK)ca_error_cb, WINHTTP_CALLBACK_FLAG_SECURE_FAILURE, 0);
|
||||||
if (cb_check == WINHTTP_INVALID_STATUS_CALLBACK) {
|
if (cb_check == WINHTTP_INVALID_STATUS_CALLBACK) {
|
||||||
dprintf("Cert: Failed to set SSL error callback: %08lX\n", GetLastError());
|
dprintf("Cert: Failed to set SSL error callback: %08lX\n", GetLastError());
|
||||||
SetLastError(0);
|
SetLastError(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Sneak in security disable while we're here
|
||||||
|
int value = SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_CERT_DATE_INVALID | SECURITY_FLAG_IGNORE_CERT_CN_INVALID; // the kitchen sink
|
||||||
|
if (!next_WinHttpSetOption(hInternet, WINHTTP_OPTION_SECURITY_FLAGS, &value, 4)) {
|
||||||
|
dprintf("Cert: Failed to set ignore security flags: %08lX\n", GetLastError());
|
||||||
|
SetLastError(0);
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
else if (dwOption == WINHTTP_OPTION_SECURITY_FLAGS) {
|
||||||
|
dprintf("Cert: Add all security ignore flags\n");
|
||||||
|
|
||||||
|
WINHTTP_STATUS_CALLBACK cb_check = WinHttpSetStatusCallback(hInternet, (WINHTTP_STATUS_CALLBACK)ca_error_cb, WINHTTP_CALLBACK_FLAG_SECURE_FAILURE, 0);
|
||||||
|
if (cb_check == WINHTTP_INVALID_STATUS_CALLBACK) {
|
||||||
|
dprintf("Cert: Failed to set SSL error callback: %08lX\n", GetLastError());
|
||||||
|
SetLastError(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
int value = SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_CERT_DATE_INVALID | SECURITY_FLAG_IGNORE_CERT_CN_INVALID; // the kitchen sink
|
||||||
return next_WinHttpSetOption(hInternet, dwOption, &value, dwBufferLength);
|
return next_WinHttpSetOption(hInternet, dwOption, &value, dwBufferLength);
|
||||||
} else {
|
} else {
|
||||||
dprintf("Cert: hook_WinHttpSetOption %p %08X\n", hInternet, (int)dwOption);
|
dprintf("Cert: hook_WinHttpSetOption %p %08X\n", hInternet, (int)dwOption);
|
||||||
|
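Review bot: In the new WINHTTP_OPTION_CLIENT_CERT_CONTEXT branch the client certificate is dropped, server-certificate checks are switched off on the handle, and `return true` is reached even when `next_WinHttpSetOption` fails, so the caller cannot tell that the connection ends up with neither client nor server authentication. The length there is the literal `4` and the buffer an `int`; `DWORD value = ...;` passed with `sizeof(value)` would match the DWORD that WinHTTP expects for WINHTTP_OPTION_SECURITY_FLAGS, and the same applies to the `&value, dwBufferLength` call in the SECURITY_FLAGS branch, where the caller's length is paired with a local 4-byte buffer. The comment `// Sneak in security disable while we're here` would be better replaced by one that states the consequence, e.g. `// Disables CA, date and CN validation for this handle; traffic on it can be intercepted.` The callback registration and the flag value are now duplicated across both branches and could move into one static helper. hook_WinHttpSetOption starts and ends outside the hunk.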