WinHttp and TLS and WebSockets in C + Win32API

David Clarke (eicx.com) 0 Reputation points
2023-03-09T19:06:12.6+00:00

We are trying to add WebSocket communications to an existing program.

We are trying to connect to hardware that is waiting for a WebSocket connection on port 5001.

Hardware manufacturer has given us a sample program in Python to prove hardware is working - it is.

The Python sample calls the hardware; after one SYN, one SYN ACK and one ACK, the Python sample sends a "Client Hello". Works fine.

Trying to do the same thing with WinHttp.

1 - call WinHttpConnect - get session handle

2 - call WinHttpOpenRequest - get request handle

Note: WinHttpSetOption can be called with Session handle or a Request handle

We call it with WINHTTP_OPTION_UPGRADE_TO_WEB_SOCKET using a Request handle

3 - call WinHttpSetOption - send Request handle and WINHTTP_OPTION_UPGRADE_TO_WEB_SOCKET - It Returns True (success)

4 - call WinHttpSendRequest - send Request handle

Call to WinHttpSendRequest returns error:

ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED

QUESTION: Is there a way I could have told the request in advance that I already know the auth_cert? In python I simply add cert_path='comm.crt' to the APIWebSocketClient call.

Then I try:

Note: Using SessionHandle here as per - https://learn.microsoft.com/en-us/windows/win32/winhttp/option-flags

DWORD secure_protocols = %WINHTTP_FLAG_SECURE_PROTOCOL_ALL OR %WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3

calling WinHttpSetOption(hSessionHandle, %WINHTTP_OPTION_SECURE_PROTOCOLS, secure_protocols, SIZEOF(secure_protocols))

Calling that results in an invalid memory error.

If we remove the above call to WinHttpSetOption and then call:

5 - WinHttpSetOption(hRequestHandle, WINHTTP_OPTION_UPGRADE_TO_WEB_SOCKET, 0,0)

6 - call WinHttpSendRequest(hRequestHandle, WINHTTP_NO_ADDITIONAL_HEADERS,0,0,0,0,0)

Results:

error - ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED

Could somebody enlighten me and show how to get the cert into the picture?

There are some cryptic discussions about looking through all the certs to find the one you want.

HOWEVER - There is no instruction as to what to do if you find one you want...

Thanks!

Windows development Windows API - Win32

1 answer

  1. Xiaopo Yang - MSFT 12,731 Reputation points Microsoft External Staff
    2023-03-10T03:17:18.27+00:00

    As ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED says, you need to set the client certificate context using WINHTTP_OPTION_CLIENT_CERT_CONTEXT.

    And ReadCertFromFile (PFXImportCertStore) could be useful to you.
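
The steps named in the answer, as an added example that is not part of the thread or of Microsoft's samples: it imports a PKCS#12 blob with PFXImportCertStore, sets WINHTTP_OPTION_CLIENT_CERT_CONTEXT on the request handle, and also shows WINHTTP_OPTION_SECURE_PROTOCOLS being set with the value passed by address. The function names `tls_mask`, `restrict_tls` and `attach_client_cert` are hypothetical, and it assumes the PKCS#12 data is already in memory and that the device accepts TLS 1.2 or later.

```c
/* Added example, not code from the thread. Assumed Windows build:
 *   cl mtls_ws.c winhttp.lib crypt32.lib */
#ifdef _WIN32
#include <windows.h>
#include <winhttp.h>
#include <wincrypt.h>
#else /* lets tls_mask() build off Windows; flag values as in winhttp.h */
typedef unsigned long DWORD;
#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 0x00000800
#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3 0x00002000
#endif

/* TLS 1.2 and 1.3 only; WINHTTP_FLAG_SECURE_PROTOCOL_ALL means
 * SSL 2.0 | SSL 3.0 | TLS 1.0 and is left out on purpose. */
DWORD tls_mask(void)
{
    return WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3;
}

#ifdef _WIN32
/* Call on the session handle right after WinHttpOpen. The option value is
 * passed by address together with its size, never by value. */
BOOL restrict_tls(HINTERNET hSession)
{
    DWORD mask = tls_mask();
    return WinHttpSetOption(hSession, WINHTTP_OPTION_SECURE_PROTOCOLS,
                            &mask, sizeof(mask));
}

/* Attach the client certificate from a PKCS#12 blob to the request before
 * sending it. Returns ERROR_SUCCESS or the failing call's GetLastError(). */
DWORD attach_client_cert(HINTERNET hRequest, BYTE *pfx, DWORD pfxLen,
                         LPCWSTR pfxPassword)
{
    CRYPT_DATA_BLOB blob = { pfxLen, pfx };
    DWORD err = ERROR_SUCCESS;
    HCERTSTORE store = PFXImportCertStore(&blob, pfxPassword, 0);
    if (!store) return GetLastError();
    /* Take the certificate that carries the private key, not a chain cert. */
    PCCERT_CONTEXT cert = CertFindCertificateInStore(store,
        X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
        CERT_FIND_HAS_PRIVATE_KEY, NULL, NULL);
    if (!cert || !WinHttpSetOption(hRequest, WINHTTP_OPTION_CLIENT_CERT_CONTEXT,
                                   (LPVOID)cert, sizeof(CERT_CONTEXT)))
        err = GetLastError();
    if (cert) CertFreeCertificateContext(cert);
    CertCloseStore(store, 0);
    return err;
}
#endif
```

Call `attach_client_cert` on the request handle before WinHttpSendRequest, or after it fails with ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED, and then send again. PFXImportCertStore expects a PKCS#12 blob that contains the private key, so a certificate-only file has to be packaged with its key first.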

