acceptable certificate authorities from SSL connection in wininet or schannel

From: William Bardwell (bardwell_at_nospam.nospam)
Date: 05/21/04


Date: Fri, 21 May 2004 09:49:32 -0400

How do I get at the list of acceptable client certificate authorities
(for a client certificate to be sent to an SSL server when establishing
the connection)?

WinInet lets you set the client certificate to be used, using
InternetSetOption(INTERNET_OPTION_CLIENT_CERT_CONTEXT), but
I need to know what certificate authorities the client certificate
can be signed by, so that I can filter the list of possible
certificates, and only choose or offer valid ones. (WinInet
does this itself in InternetErrorDlg, but I want to be able
to do it myself.) Is there a way to do this with WinInet?

So, I can't find any way to do that in WinInet, so I was thinking
that maybe I could just make an extra connection to the SSL server
with schannel and get the acceptable certificate authority info from
that, but that is the most impenetrable API ever... So, does anyone
know how to get that info. out of schannel? (I am not finding
much in the way of samples of basic use of schannel to make a
connection, so if anyone knows of a good one, that would be helpful
too...) Am I supposed to use
QueryCredentialsAttributes(SECPKG_ATTR_ISSUER_LIST_EX)?

Thanks.
William Bardwell
bardwell.nospam@curl.com
aka
bardwell@nospam.nospam


