How to ignore self-signed certificates

loadod dipper 1 Reputation point
2022-09-03T19:02:20.817+00:00

I am running a web server locally with a self-signed certificate that I would like to send requests to using this code

int request(char * host, int port,char * endpoint, char * data, size_t dlen )  
{  
    LPCSTR accept[] = {"*/*", NULL};  
    char  hdrs[] = "Content-Type: application/json";  
    HINTERNET hConnect, hSession, hRequest;  
    hSession = InternetOpen("",  
                            INTERNET_OPEN_TYPE_PRECONFIG,  
                            NULL,  
                            NULL,  
                            0);  
    DWORD dwFlags;  
    DWORD dwBuffLen = sizeof(dwFlags);  


    hConnect = InternetConnect(hSession,  
                                host,  
                                port,  
                                NULL,  
                                NULL,  
                                INTERNET_SERVICE_HTTP,0,1);  
    hRequest = HttpOpenRequest(hConnect,  
                                "GET",   
                                endpoint,  
                                _T("HTTP/1.1"),  
                                NULL,  
                                accept,  
                                INTERNET_FLAG_SECURE,1);  

    if (InternetQueryOption (hRequest, INTERNET_OPTION_SECURITY_FLAGS, &dwFlags, &dwBuffLen))  
    {  
        printf("Ignoring CA\n");  
        dwFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;  
        dwFlags |= SECURITY_FLAG_IGNORE_CERT_CN_INVALID;  
        dwFlags |= SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;  
        InternetSetOption (hRequest, INTERNET_OPTION_SECURITY_FLAGS, &dwFlags, sizeof (dwFlags));  
    }  

    hRequest = HttpOpenRequest(hConnect,  
                                "GET",   
                                endpoint,  
                                _T("HTTP/1.1"),  
                                NULL,  
                                accept,  
                                INTERNET_FLAG_PRAGMA_NOCACHE,1);  

    if (hRequest == NULL)  
        printf("Error: %ld\n", GetLastError());  
    if (HttpSendRequest(hRequest, hdrs, strlen(hdrs), data, dlen))  
    {  
        DWORD received;  
        char tmp[MAX_LEN];  
        while (InternetReadFile(hRequest, tmp, MAX_LEN, &received) && received)     
            printf("%s\n", tmp);  
    }  
    return 0;  
}  

Some resources claim that in order for this to work I should use HttpOpenRequest two times and set the flags on the second request, but this does not work, when checking Microsoft Learn I didn't find a mention on how to use except for this which uses c++ and the new keyword but I am writing my program in c language

using this code to send requests to the web server results in no responses on the server side and no errors on the client side

Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,447 questions
{count} votes