Jeff Sanders Technical Blog

I am a Microsoft employee that has worked on all aspects of the Web Stack for a long time. I hope these blogs are useful to you! Use this information at your own risk.


<< Go Back

How To Get Certificate Information Using Wininet Apis

- 17 Apr 2009

There are two different structures you can query in order to retrieve server certificate information.  You must do some sort of request to complete the SSL server certificate exchange, and then you can retrieve this information.  Here is an example of that technique.
C++ code listing for sample (Copy Code):

// CertificateInfo.cpp : Defines the entry point for the console application.
// This is sample code. You are responsible for input validation, and error processing.
// The following macros define the minimum required platform. The minimum required platform
// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
// your application. The macros work by enabling all features available on platform versions up to and
// including the version specified.
// Modify the following defines if you have to target a platform prior to the ones specified below.
// Refer to MSDN for the latest info on corresponding values for different platforms.
 
#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
#endif
#ifndef
WIN32_LEAN_AND_MEAN
#define WIN32_LEAN_AND_MEAN
#endif
#include

</span></span>#include
</span></span>#include
</span></span>#include
</span></span>#include </span></span> // make sure you link with WinInet.lib</span>int _tmain(int argc, _TCHAR* argv[])
{

  if (argc < 2)
{

std::cout << “Please specify and HTTPS address to query the certificate information for” << std::endl;
}
  else
  {
// Get Scheme and HostName from URL passed in
    ::URL_COMPONENTS urlComp;
::ZeroMemory((
void *)&urlComp,sizeof(URL_COMPONENTS));
urlComp.dwSchemeLength = -1;
urlComp.dwHostNameLength = -1;
urlComp.dwUrlPathLength = -1;
    urlComp.dwStructSize = sizeof(URL_COMPONENTS);
    if (!::InternetCrackUrl(argv[1],wcslen(argv[1]),0,&urlComp))
{
std::cout <<
“InternetCrackUrl failed” << std::endl;
}
    else
    {
if (urlComp.nScheme != INTERNET_SCHEME_HTTPS)
{
std::cout <<
“Please specify and HTTPS address to query the certificate information for: https://www.someserver.com” << std::endl;
}
        else
        {
std::wcout <<
“opening connection to host: “ << (LPWSTR)urlComp.lpszHostName << std::endl;
HINTERNET hInternet = ::InternetOpen(_T(“”), INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
            if (hInternet)
{
HINTERNET hConnect = ::InternetConnect( hInternet, urlComp.lpszHostName, INTERNET_DEFAULT_HTTPS_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, INTERNET_FLAG_SECURE, NULL);
                if (hConnect)
{
// you could use HEAD,GET or POST here. HEAD will not return the body of the page so will be more efficient
                    HINTERNET hRequest = ::HttpOpenRequest(hConnect,_T(“HEAD”), NULL, NULL, NULL,
NULL, INTERNET_FLAG_SECURE, NULL);

if (NULL != hRequest)
{
// Send
                        BOOL fRet = ::HttpSendRequest( hRequest, _T(“”), 0, NULL, 0);

                        if (fRet)
{
char certificateInfoStr[2048];
certificateInfoStr[0] =
‘\0’;
DWORD certInfoLength = 2048;
                            if ( TRUE  == ::InternetQueryOption( hRequest, INTERNET_OPTION_SECURITY_CERTIFICATE, &certificateInfoStr, &certInfoLength) )
{
if ( certificateInfoStr )
{
std::cout << (
char *) certificateInfoStr << std::endl;
}
}
else
{
                                // process error here
DWORD error = GetLastError();
}

INTERNET_CERTIFICATE_INFO certificateInfo;
certInfoLength =
sizeof(INTERNET_CERTIFICATE_INFO);
if ( TRUE == InternetQueryOption( hRequest,
INTERNET_OPTION_SECURITY_CERTIFICATE_STRUCT,
&certificateInfo,
&certInfoLength) )
{
// free up memory with LocalFree()
 
                                if ( certificateInfo.lpszEncryptionAlgName )
{
std::cout << (
char *) certificateInfo.lpszEncryptionAlgName << std::endl;
LocalFree( certificateInfo.lpszEncryptionAlgName);
}

                                if ( certificateInfo.lpszIssuerInfo )
{
std::cout << (
char *) certificateInfo.lpszIssuerInfo << std::endl;
LocalFree( certificateInfo.lpszIssuerInfo );
}

                                if ( certificateInfo.lpszProtocolName )
{
std::cout << (
char *) certificateInfo.lpszProtocolName << std::endl;
LocalFree( certificateInfo.lpszProtocolName );
}

                                if ( certificateInfo.lpszSignatureAlgName )
{
std::cout << (
char *) certificateInfo.lpszSignatureAlgName << std::endl;
LocalFree( certificateInfo.lpszSignatureAlgName );
}

                                if ( certificateInfo.lpszSubjectInfo )
{
std::cout << (
char *) certificateInfo.lpszSubjectInfo << std::endl;
LocalFree( certificateInfo.lpszSubjectInfo );
}

}
else
{
// process error
                                    DWORD error = GetLastError();
}
}

::InternetCloseHandle(hRequest);
}
else
{
std::cout <<
“HttpOpenRequest failed” << std::endl;
}

::InternetCloseHandle(hConnect);
}
                else
                {
std::cout <<
“InternetConnect failed” << std::endl;
}
::InternetCloseHandle(hInternet);
}
else
{
std::cout <<
“InternetOpen failed” << std::endl;
}
}
}
}

return 0;
}
</div> Please Drop me a comment if you found this useful!
<< Go Back