Re: Windows Mobile + https + clientcertificates?
- From: "Dylan DSilva (MS)" <ddsilva@xxxxxxxxxxxxx>
- Date: Mon, 5 Nov 2007 10:16:19 -0800
INTERNET_OPTION_CLIENT_CERT_CONTEXT is supported on both WM6 and CE 5.0 (see
http://msdn2.microsoft.com/en-us/library/aa917905.aspx). Did you ensure that
the Crypto APIs returned the correct certificate? You need to retrieve a
client certificate for which you have an associated private key. Also if you
could monitor the traffic between your device and the server with a packet
capture tool that would help narrow down the problem.
--
Dylan DSilva
Software Development Engineer
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © Microsoft Corporation. All rights
reserved.
"Anthony Jacques" <AnthonyJ@xxxxxxxxxxxxxx> wrote in message
news:27963570-767E-4737-9E92-7C8CC5DB7449@xxxxxxxxxxxxxxxx
Hi
Thanks for the reply. Unfortunately I don't think I'm too much further
forward. I've gone through the same process again, of getting it working
on XP using WinINet, and then ported the code over, and again hit an
error.
The code I have works perfectly on XP, but it requires me to call
InternetSetOption with INTERNET_OPTION_CLIENT_CERT_CONTEXT, passing it
the PCERT_CONTEXT obtained from the Crypto APIs.
On the Windows Mobile device, I've successfully obtained the certificate
via the crypto APIs, and called the SetOption, with no apparent error.
However, it still fails (the SendRequest actually says it succeeds, but I
have an HTTP status of 500, internal server error, and no results). If I
don't try to set the certificate I get the expected errors regarding
needing a client certificate.
At the moment my guess is that again it's not available in the Windows
Mobile version of this API. I notice that this option is listed in the
full Windows API reference (
http://msdn2.microsoft.com/en-us/library/aa385328.aspx ) but not in the CE
/ Mobile reference (
http://msdn2.microsoft.com/en-us/library/ms918381.aspx ), although the CE
docs reference CE 5.0, not WM6, so maybe aren't fully up to date?
I've not yet researched the appropriate parts of the low level WinSock
interface - do you think it's likely that this will support it if none of
the higher level APIs support it?
At the moment it is looking like using OpenSSL + libcurl + wincecompat is
the most likely route to a complete https implementation, but I would
rather not due to the licences on these libs.
Regards
Anthony
(at least I'm getting to know all the different ways you can send HTTP
requests!)
"Dylan DSilva (MS)" <ddsilva@xxxxxxxxxxxxx> wrote in message
news:OpNYsunGIHA.4296@xxxxxxxxxxxxxxxxxxxxxxx
http://msdn2.microsoft.com/en-us/library/ms905663.aspx has information on
how to use SSL with Wininet which is probably what will work best for
your application. You can also make use of SSL through lower level
interfaces such as Winsock (Secure sockets) or the SSPI.
--
Dylan DSilva
Software Development Engineer
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no
rights.
You assume all risk for your use. © Microsoft Corporation. All rights
reserved.
"Anthony Jacques" <AnthonyJ@xxxxxxxxxxxxxx> wrote in message
news:B44356E5-DE79-4491-860F-7B17D84E1C1C@xxxxxxxxxxxxxxxx
Hi all,
I am trying to write an application which communicates with a webservice
via SOAP, from a Windows Mobile 6 device.
The web server is configured to use SSL and client certificates for
authentication. Additionally, the server certificate on the test server
is self-signed (the live server is not), and so the client application
needs to be able to ignore server certificate errors (non trusted CA),
and also supply the correct client certificate.
I have written applications under Windows XP which are able to cope with
this, but as yet have been unable to port them over to the WM6 device. I
have so far tried two approaches:
- C# using a proxy class created from the .wsdl. When running from the
Windows XP environment, I had to set the ClientCertificates member, and
also an ICertificatePolicy to ignore the certificate errors on the test
server. I am unable to do either of these things in the .NET Compact
Framework.
- C++, using msxml's IXMLHTTPRequest object to submit the request. Under
XP I was able to use IServerXMLHTTPRequest and use setOption to set both
the client certificate, and the server certificate error handling
options, but since this interface doesn't exist in the WM6 implementation
of msxml this seems a dead end too. When using IXMLHTTPRequest, unlike
under XP, the client prompts for the certificate from the local store,
but I still get an error (status 0 for some reason, and no response
data), which I assume is because of the self-signed server certificate?
Also, it wouldn't really be acceptable to prompt the user each time for
the certificate, so I would want to do this programmatically.
It seems like this should be possible as IE is able to connect once I
have supplied the client certificate - so am I simply missing the right
interface? Does anyone have any suggestions on how I can get this to
work?
Does nobody else out there use client certificates in a mobile
environment? I expected the security aspects to be even more important
in a mobile environment, so am surprised that this seems to be
unsupported functionality.
TIA
Anthony
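
What the packet capture suggested in the reply above can show, as an added example (not code from either poster): in SSL 3.0/TLS 1.0 the handshake before ChangeCipherSpec is unencrypted, so a capture reveals whether the server sent CertificateRequest and whether the client answered with a non-empty Certificate plus CertificateVerify. Function names and sample bytes are constructed for illustration; a certificate requested during an encrypted renegotiation is not visible this way.

```python
import struct

def handshake_messages(stream):
    """Return [(type, body)] for the cleartext handshake in one TCP direction."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype == 20:      # ChangeCipherSpec: later records are encrypted
            break
        if ctype == 22:      # handshake record; a message may span records
            buf += stream[pos + 5:pos + 5 + length]
        pos += 5 + length    # other types (e.g. alerts, 21) are skipped
    msgs, off = [], 0
    while off + 4 <= len(buf):
        mlen = int.from_bytes(buf[off + 1:off + 4], "big")
        msgs.append((buf[off], buf[off + 4:off + 4 + mlen]))
        off += 4 + mlen
    return msgs

def count_certs(body):
    """Count entries in a Certificate message's certificate_list."""
    total, off, n = int.from_bytes(body[:3], "big"), 3, 0
    while off + 3 <= 3 + total and off + 3 <= len(body):
        off += 3 + int.from_bytes(body[off:off + 3], "big")
        n += 1
    return n

def client_auth_summary(client_stream, server_stream):
    """Return (cert_requested, certs_sent or None, certificate_verify_seen)."""
    requested = any(t == 13 for t, _ in handshake_messages(server_stream))
    sent, verify = None, False
    for t, body in handshake_messages(client_stream):
        if t == 11:          # Certificate
            sent = count_certs(body)
        elif t == 15:        # CertificateVerify: proof the private key was used
            verify = True
    return requested, sent, verify

# Constructed sample bytes: TLS 1.0 framing with dummy message bodies.
def _msg(t, body=b""):
    return bytes([t]) + len(body).to_bytes(3, "big") + body
def _rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0301, len(payload)) + payload
def _cert_list(certs):
    body = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    return len(body).to_bytes(3, "big") + body
DER = b"\x30\x03\x02\x01\x01"  # placeholder bytes, not a real certificate
SERVER = _rec(22, _msg(2, b"\0" * 38) + _msg(11, _cert_list([DER])) + _msg(13, b"\x01\x01\0\0") + _msg(14))
CLIENT_EMPTY = _rec(22, _msg(1, b"\0" * 38) + _msg(11, _cert_list([])) + _msg(16, b"\0" * 4)) + _rec(20, b"\x01") + _rec(22, b"\xaa" * 16)
CLIENT_OK = _rec(22, _msg(1, b"\0" * 38) + _msg(11, _cert_list([DER])) + _msg(16, b"\0" * 4) + _msg(15, b"\0" * 4)) + _rec(20, b"\x01")
```

A result of `(True, 0, False)` means the server asked for a certificate and the client offered none; `(True, 1, True)` means the client sent a certificate and signed with its key, so the next place to look is how the server handles that certificate.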