Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
inet
active_desktop
active_scrptng
asp.components
asp.db
asp.general
comctl32
comp.packaging
components.dev
dbweb
dhtml_editing
docobjects
html_authoring
html_objmodel
iis
iis.ftp
iis.security
iis.smtp_nntp
indexserver
misc
mshtml_hosting
scripting.jscript
scripting.vbscript
sdk_setup
shell_objmodel
urlmonikers
webbrowser_ctl
wininet
  
 
date: Sat, 22 Dec 2007 22:13:42 -0800 (PST),    group: microsoft.public.inetsdk.programming.html_objmodel        back       


Supress SSL warnings in Internet Explorer BHO    
I'm trying to supress SSL warnings inside a IE BHO where I am using
MSHTML classes to manipulate the incoming HTML DOM.  I am using the
Passthrough Asynchronous Pluggable Protocol classes generously
provided by Igor Tandetnik on these forums. My approach was to use
InternetSetOption inside the ReportProgress method

STDMETHODIMP CHttpTraffic::ReportProgress(
	/* [in] */ ULONG ulStatusCode,
	/* [in] */ LPCWSTR szStatusText)
{
	ATLASSERT(m_spInternetProtocolSink != 0);
	HRESULT hr = m_spInternetProtocolSink ?
		m_spInternetProtocolSink->ReportProgress(ulStatusCode,
szStatusText) :
		S_OK;

	if (ulStatusCode == BINDSTATUS_CONNECTING)
	{
		DWORD dwFlag = SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_WRONG_USAGE;
		BOOL bRet = InternetSetOption(NULL, INTERNET_OPTION_SECURITY_FLAGS,
(LPVOID)dwFlag, sizeof(dwFlag));
	}

	return S_OK;

}

The problem is that I do not know the HINTERNET handle that needs to
be passed to InternetSetOption. I can't seem to figure out how to
extract this handle from inside the APP. The IWinInetInfo and
IWinInetHttpInfo interfaces only seem to allow one to execute
QueryOption and not SetOption.

I am not even sure that the technique mentioned above is the best way
to accomplish this.

Is there any other way to suppress the following SSL warnings:
SECURITY_FLAG_IGNORE_CERT_CN_INVALID,
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID,
SECURITY_FLAG_IGNORE_UNKNOWN_CA and SECURITY_FLAG_IGNORE_WRONG_USAGE.

Any suggestions are welcome.

Thanks in advance.
date: Sat, 22 Dec 2007 22:13:42 -0800 (PST)   author:   unknown

Re: Supress SSL warnings in Internet Explorer BHO    
wrote in message
news:ededa94b-38dc-435c-8ee8-7f8759d2caa5@i29g2000prf.googlegroups.com
> I'm trying to supress SSL warnings inside a IE BHO where I am using
> MSHTML classes to manipulate the incoming HTML DOM.  I am using the
> Passthrough Asynchronous Pluggable Protocol classes generously
> provided by Igor Tandetnik on these forums. My approach was to use
> InternetSetOption inside the ReportProgress method

Just implement IHttpSecurity::OnSecurityProblem and return S_OK
-- 
With best wishes,
    Igor Tandetnik

With sufficient thrust, pigs fly just fine. However, this is not 
necessarily a good idea. It is hard to be sure where they are going to 
land, and it could be dangerous sitting under them as they fly 
overhead. -- RFC 1925
date: Sun, 23 Dec 2007 10:19:54 -0500   author:   Igor Tandetnik

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us