Wininet库忽略Https证书
相信很多朋友使用C++ WINAPI开发的时候网络模块的时候遇到Https忽悠证书无效的情况下,
仍然希望获取结果下列代码便是忽略异常的Https CA证书,下面对原理进行简单的讲解首先,
需要设置Https忽略需要用到如下结果函数与参数InternetQueryOptionA/InternetSetOptionA
参数需要SECURITY_FLAG_IGNORE_UNKNOWN_CA,下面建议先阅读下代码可以发现忽略Https证书
是发生在HttpSendRequestA之后设置这是因为InternetConnect主要负责主要负责建立与服务器
的连接,而涉及到CA(Certificate Authority)的验证通常是在建立连接后的HTTP请求阶段进行的,
CA的验证是在SSL/TLS握手过程中完成的,而握手过程通常是在 HttpSendRequestA被调用时发生。
因此,在建立连接时,我们还没有进入HTTP请求的阶段,所以无法在 InternetConnect 之前
处理CA验证的问题,因此下列代码是进行这样忽略的首先HttpSendRequestA返回ERROR_INTERNET_INVALID_CA
出现CA证书异常这个时候需要忽略证书无效,InternetQueryOptionA获取当前的安全选项然后
追加上SECURITY_FLAG_IGNORE_UNKNOWN_CA忽略证书无效CA将设置后的值通过InternetSetOptionA
函数应用再次发起HttpSendRequestA即可忽略CA证书进行下一步操作。
#include <Windows.h>
#include <Wininet.h>
#include <stdio.h>
#pragma comment(lib, "wininet.lib")
#define TRANSFER_SIZE 1024
bool PerformHttpRequest() {
LPCSTR lpszAgent = "";
HINTERNET hInternet = InternetOpenA(lpszAgent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
if (!hInternet) {
return false;
}
LPCSTR lpszServerName = "192.168.99.111";
INTERNET_PORT nServerPort = INTERNET_DEFAULT_HTTPS_PORT;
LPCSTR lpszUserName = NULL;
LPCSTR lpszPassword = NULL;
DWORD dwConnectFlags = 0;
DWORD dwConnectContext = 0;
HINTERNET hConnect = InternetConnectA(hInternet,
lpszServerName, nServerPort,
lpszUserName, lpszPassword,
INTERNET_SERVICE_HTTP,
dwConnectFlags, dwConnectContext);
if (!hConnect) {
InternetCloseHandle(hInternet);
return false;
}
LPCSTR lpszVerb = "GET";
LPCSTR lpszObjectName = "/Login";
LPCSTR lpszVersion = NULL;
LPCSTR lpszReferrer = NULL;
LPCSTR* lplpszAcceptTypes = NULL;
DWORD dwOpenRequestFlags = INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP |
INTERNET_FLAG_KEEP_CONNECTION |
INTERNET_FLAG_NO_AUTH |
INTERNET_FLAG_NO_COOKIES |
INTERNET_FLAG_NO_UI |
INTERNET_FLAG_SECURE |
INTERNET_FLAG_IGNORE_CERT_CN_INVALID |
INTERNET_FLAG_RELOAD;
DWORD dwOpenRequestContext = 0;
HINTERNET hRequest = HttpOpenRequestA(hConnect, lpszVerb, lpszObjectName, lpszVersion,
lpszReferrer, lplpszAcceptTypes,
dwOpenRequestFlags, dwOpenRequestContext);
if (!hRequest) {
InternetCloseHandle(hConnect);
InternetCloseHandle(hInternet);
return false;
}
BOOL bResult = HttpSendRequestA(hRequest, NULL, 0, NULL, 0);
if (!bResult && GetLastError() == ERROR_INTERNET_INVALID_CA) {
DWORD dwFlags;
DWORD dwBuffLen = sizeof(dwFlags);
InternetQueryOptionA(hRequest, INTERNET_OPTION_SECURITY_FLAGS, (LPVOID)&dwFlags, &dwBuffLen);
dwFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;
InternetSetOptionA(hRequest, INTERNET_OPTION_SECURITY_FLAGS, &dwFlags, sizeof(dwFlags));
bResult = HttpSendRequestA(hRequest, NULL, 0, NULL, 0);
}
if (!bResult) {
InternetCloseHandle(hRequest);
InternetCloseHandle(hConnect);
InternetCloseHandle(hInternet);
return false;
}
char szBuff[TRANSFER_SIZE];
DWORD dwReadSize = TRANSFER_SIZE;
bResult = HttpQueryInfoA(hRequest, HTTP_QUERY_RAW_HEADERS_CRLF, szBuff, &dwReadSize, NULL);
if (!bResult) {
InternetCloseHandle(hRequest);
InternetCloseHandle(hConnect);
InternetCloseHandle(hInternet);
return false;
}
szBuff[dwReadSize] = '\0';
printf("%s\n", szBuff);
DWORD dwBytesAvailable;
bResult = InternetQueryDataAvailable(hRequest, &dwBytesAvailable, 0, 0);
if (!bResult) {
InternetCloseHandle(hRequest);
InternetCloseHandle(hConnect);
InternetCloseHandle(hInternet);
return false;
}
if (dwBytesAvailable > TRANSFER_SIZE) {
printf("数据太长 %d /b", GetLastError(), dwBytesAvailable);
InternetCloseHandle(hRequest);
InternetCloseHandle(hConnect);
InternetCloseHandle(hInternet);
return false;
}
DWORD dwBytesRead;
bResult = InternetReadFile(hRequest, szBuff, dwBytesAvailable, &dwBytesRead);
if (!bResult) {
InternetCloseHandle(hRequest);
InternetCloseHandle(hConnect);
InternetCloseHandle(hInternet);
return false;
}
szBuff[dwBytesRead] = '\0';
printf("%s\n", szBuff);
InternetCloseHandle(hRequest);
InternetCloseHandle(hConnect);
InternetCloseHandle(hInternet);
return true;
}
int main() {
if (PerformHttpRequest()) {
return 0;
}
else {
return 1;
}
}
