Re: Windows Mobile + https + clientcertificates?
- From: "Anthony Jacques" <AnthonyJ@xxxxxxxxxxxxxx>
- Date: Sun, 4 Nov 2007 22:57:55 -0000
Hi
Thanks for the reply. Unfortunately I dont think I'm too much further forward. I've gone through the same process again, of getting it working on XP using WinINet, and then ported the code over, and again hit an error.
The code I have works perfectly on XP, but it requires me to call InternetSetOption with INTERNET_OPTION_CLIENT_CERT_CONTEXT, passing it the PCERT_CONTEXT obtained from the Crypto APIs.
On the Windows Mobile device, I've successfully obtained the certificate via the crypto APIs, and called the SetOption, with no apparent error. However, it still fails (the SendRequest actually says it succeeds, but I have an HTTP status of 500, internal server error, and no results). If I dont try to set the certificate I get the expected errors regarding needing a client certificate.
At the moment my guess is that again its not available in the Windows Mobile version of this API. I notice that this option is listed in the full Windows API reference ( http://msdn2.microsoft.com/en-us/library/aa385328.aspx ) but not in the CE / Mobile reference ( http://msdn2.microsoft.com/en-us/library/ms918381.aspx ), although the CE docs reference CE 5.0, not WM6, so maybe arent fully up to date?
I've not yet researched the appropriate parts of the low level WinSock interface - do you think its likely that this will support it if none of the higher level APIs support it?
At the moment it is looking like using OpenSSL + libcurl + wincecompat is the most likely route to a complete https implementation, but I would rather not due to the licences on these libs.
Regards
Anthony
(at least I'm getting to know all the different ways you can send HTTP requests!)
"Dylan DSilva (MS)" <ddsilva@xxxxxxxxxxxxx> wrote in message news:OpNYsunGIHA.4296@xxxxxxxxxxxxxxxxxxxxxxx
http://msdn2.microsoft.com/en-us/library/ms905663.aspx has information on how to use SSL with Wininet which is probably what will work best for your application. You can also make use of SSL through lower level interfaces such as Winsock (Secure sockets) or the SSPI.
--
Dylan DSilva
Software Development Engineer
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © Microsoft Corporation. All rights
reserved.
"Anthony Jacques" <AnthonyJ@xxxxxxxxxxxxxx> wrote in message news:B44356E5-DE79-4491-860F-7B17D84E1C1C@xxxxxxxxxxxxxxxxHi all,
I am trying to write an application which communicates with a webservice via SOAP, from a Windows Mobile 6 device.
The web server is configured to use SSL and client certificates for authentication. Additionally, the server certificate on the test server is self-signed (the live server is not), and so the client application needs to be able to ignore server certificate errors (non trusted CA), and also supply the correct client certificate.
I have written applications under Windows XP which are able to cope with this, but as yet have been unable to port them over to the WM6 device. I have so far tried two approaches:
- C# using a proxy class created from the .wsdl. When running from the Windows XP environment, I had to set the ClientCertificates member, and also an ICertificatePolicy to ignore the certificate errors on the test server. I am unable to do either of these things in the .NET Compact Framework.
- C++, using msxml's IXMLHTTPRequest object to submit the request. Under XP I was able to use IServerXMLHTTPRequest and use setOption to set both the client certificate, and the server certificate error handling options, but since this interface doesnt exist in the WM6 implementation of msxml this seems a dead end too. When using IXMLHTTPRequest, unlike under XP, the client prompts for the certificate from the local store, but I still get an error (status 0 for some reason, and no response data), which I assume is because of the self-signed server certificate? Also, it wouldnt really be acceptable to prompt the user each time for the certificate, so I would want to do this programatically.
It seems like this should be possible as IE is able to connect once I have supplied the client certificate - so am I simply missing the right interface? Does anyone have any suggestions on how I can get this to work?
Does nobody else out there use client certificates in a mobile environment? I expected the security aspects to be even more important in a mobile environment, so am surprised that this seems to be unsupported functionality.
TIA
Anthony
.
- Follow-Ups:
- Re: Windows Mobile + https + clientcertificates?
- From: Dylan DSilva \(MS\)
- Re: Windows Mobile + https + clientcertificates?
- Prev by Date: Re: Porting from VxWorks to WinCE
- Next by Date: How to Change "JPEG Encoder Quality" in WindowsCE 5.0
- Previous by thread: Re: Porting from VxWorks to WinCE
- Next by thread: Re: Windows Mobile + https + clientcertificates?
- Index(es):
Relevant Pages
|
