HOWTO: How to Make SSL Requests Using WinInet

Last reviewed: January 19, 1998
Article ID: Q168151
The information in this article applies to:
  • Microsoft ActiveX SDK, version 1.0
  • Internet Client SDK, versions 4.0, 4.01
  • Internet Explorer (Programming), versions 4.0, 4.01

SUMMARY

This article explains how to make SSL requests using the WinInet APIs.

MORE INFORMATION

It is possible to establish a Secure Socket Layer (SSL) or Private Communications Technology (PCT) HTTP session with the WinInet APIs. Secure HTTP, denoted as HTTPS://, takes place over TCP port 443. Code similar to the following can be used to establish an HTTPS session:

   ...
   hOpen = InternetOpen (...);
   Connect = InternetConnect (
                hOpen,                      // InternetOpen handle
                "MyHttpServer",             // Server  name
      INTERNET_DEFAULT_HTTPS_PORT,// Default HTTPS port - 443
                "",                         // User name
                "",                         //  User password
                INTERNET_SERVICE_HTTP,      // Service
      0,                          // Flags
      0                           // Context
                   );
   hReq = HttpOpenRequest (
                hConnect,                   // InternetConnect handle
      "GET",                      // Method
      "",                         // Object name
      HTTP_VERSION,               // Version
      "",                         // Referrer
                NULL,                       // Extra headers
      INTERNET_FLAG_SECURE,       // Flags
      0                           // Context
                );
   ...

Please note two differences when using HTTPS instead of HTTP:
  • InternetConnect uses INTERNET_DEFAULT_HTTPS_PORT instead of INTERNET_INVALID_PORT_NUMBER or INTERNET_DEFAULT_HTTP_PORT
  • HttpOpenRequest uses the INTERNET_FLAG_SECURE option in addition to all other options.

The following two options can be used either in HttpOpenRequest or in InternetOpenUrl to ignore invalid certificate errors:
  • INTERNET_FLAG_IGNORE_CERT_CN_INVALID - Ignores errors that can be caused by the certificate host name of the server not matching the host name in the request.
  • INTERNET_FLAG_IGNORE_CERT_DATE_INVALID - Ignores errors that can be caused by an expired server certificate.

Please see the Internet Client SDK documentation for more information on these flags.

SSL and PCT functionality are provided by Schannel.dll, which is properly installed when you run the redistribution program Wintdist.exe or Wint351.exe. See Redist.txt or Axredist.txt for information about redistributing Schannel.dll.

REFERENCES

Internet Client SDK Help

(c) Microsoft Corporation 1997, All Rights Reserved. Contributions by Leon Braginski, Microsoft Corporation

Keywords          : AXSDKWinInet kbcode
Technology        : kbInetDev
Version           : Win:1.0,4.0,4.01
Platform          : WINDOWS
Issue type        : kbhowto


================================================================================


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: January 19, 1998
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.