RTC Forums

Subscription => Support => Topic started by: Ryan on October 26, 2016, 01:43:11 PM



Title: TRtcHttpClient - Property Request
Post by: Ryan on October 26, 2016, 01:43:11 PM
Hi Danijel,

I hope you are well. Could I request an enhancement to the TRtcHttpClient component please? Could you add a property which toggles the SSL certificate checking options? In a recent security audit of our software, a medium severity action was created because the software allows SSL connections using invalid or untrusted certificates. Changing the flags passed to InternetSetOption in rtcWInetHttpCliProv from

Code:
    pdwFlags^ := pdwFlags^
                or SECURITY_FLAG_IGNORE_UNKNOWN_CA
                or SECURITY_FLAG_IGNORE_CERT_CN_INVALID
                or SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
                or SECURITY_FLAG_IGNORE_REDIRECT_TO_HTTPS
                or SECURITY_FLAG_IGNORE_REDIRECT_TO_HTTP
                or SECURITY_FLAG_IGNORE_WRONG_USAGE
                or SECURITY_FLAG_IGNORE_REVOCATION;

to

Code:
    pdwFlags^ := pdwFlags^
                or SECURITY_FLAG_IGNORE_REDIRECT_TO_HTTPS
                or SECURITY_FLAG_IGNORE_REDIRECT_TO_HTTP;

gives the customer what they are looking for and satisfies the auditor.

I wondered if it could become an option instead of me changing the code each time I update.

Many thanks for your time.
Ryan
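
An added example, not part of the original posts and not RTC SDK code: a small Python check that scans Pascal source for statements that OR in the certificate-ignoring flags named in the post above, so a local patch lost during an SDK update is caught before release. The `audit` function, the sample source and the flag descriptions are assumptions made for this illustration.

```python
import re

# Flags from the post that switch off a certificate validation step.
# The descriptions are short summaries written for this example.
CERT_FLAGS = {
    "SECURITY_FLAG_IGNORE_UNKNOWN_CA": "untrusted or unknown issuer accepted",
    "SECURITY_FLAG_IGNORE_CERT_CN_INVALID": "host name mismatch accepted",
    "SECURITY_FLAG_IGNORE_CERT_DATE_INVALID": "expired or not-yet-valid cert accepted",
    "SECURITY_FLAG_IGNORE_WRONG_USAGE": "certificate with wrong usage accepted",
    "SECURITY_FLAG_IGNORE_REVOCATION": "revocation check skipped",
}
# Pascal identifiers are case-insensitive, so match that way and normalise.
FLAG_RE = re.compile(r"\bSECURITY_FLAG_IGNORE_[A-Z_]+\b", re.I)
# Pascal comments: // to end of line, { ... } and (* ... *)
COMMENT_RE = re.compile(r"//[^\n]*|\{.*?\}|\(\*.*?\*\)", re.S)

def _blank(match):
    # Overwrite comment text with spaces; keep newlines so line numbers hold.
    return re.sub(r"[^\n]", " ", match.group(0))

def audit(source):
    """Return one finding per statement that sets a certificate-ignoring flag."""
    code = COMMENT_RE.sub(_blank, source)
    findings, start = [], 0
    for stmt in code.split(";"):
        flags = [f.upper() for f in FLAG_RE.findall(stmt)]
        bad = [f for f in flags if f in CERT_FLAGS]
        if bad:
            first = start + FLAG_RE.search(stmt).start()
            findings.append({
                "line": code.count("\n", 0, first) + 1,  # line of first flag
                "disabled": bad,
                "effects": [CERT_FLAGS[f] for f in bad],
                "kept": [f for f in flags if f not in CERT_FLAGS],
            })
        start += len(stmt) + 1  # +1 for the ';' consumed by split
    return findings

# Constructed sample modelled on the two snippets in the post.
SAMPLE = """\
// constructed sample, not SDK source
pdwFlags^ := pdwFlags^
            or SECURITY_FLAG_IGNORE_UNKNOWN_CA
            or SECURITY_FLAG_IGNORE_CERT_CN_INVALID
            or SECURITY_FLAG_IGNORE_REDIRECT_TO_HTTP;
{ or SECURITY_FLAG_IGNORE_REVOCATION }
pdwFlags^ := pdwFlags^
            or Security_Flag_Ignore_Redirect_To_Https
            or SECURITY_FLAG_IGNORE_REDIRECT_TO_HTTP;
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["line"], f["disabled"], f["effects"])
```

The second statement in the sample, which keeps only the two redirect flags as in the post's reduced version, produces no finding; the commented-out flag is ignored as well.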


Title: Re: TRtcHttpClient - Property Request
Post by: D.Tkalcec (RTC) on October 26, 2016, 02:43:01 PM
Done. Starting with the RTC SDK v7.57 (just released), you can set custom security flags for HTTPS Clients using the WinHTTP and/or WinInet APIs on Windows.

Best Regards,
Danijel Tkalcec


Title: Re: TRtcHttpClient - Property Request
Post by: Ryan on October 26, 2016, 03:14:30 PM
Hi Danijel,

Many thanks for making the change so fast!

Kind regards,
Ryan