TRtcHttpClient - Property Request

[Ryan]

Hi Danijel,

I hope you are well. Could I request an enhancement to the TRtcHttpClient component please? Could you add a property which toggles the SSL certificate checking options? A recent security audit of our software a medium severity action was created because the software allows SSL connections using invalid or untrusted certificates. Changing the flags passed to InternetSetOption in rtcWInetHttpCliProv from

Code:

    pdwFlags^ := pdwFlags^
                or SECURITY_FLAG_IGNORE_UNKNOWN_CA
                or SECURITY_FLAG_IGNORE_CERT_CN_INVALID
                or SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
                or SECURITY_FLAG_IGNORE_REDIRECT_TO_HTTPS
                or SECURITY_FLAG_IGNORE_REDIRECT_TO_HTTP
                or SECURITY_FLAG_IGNORE_WRONG_USAGE
                or SECURITY_FLAG_IGNORE_REVOCATION;

to

Code:

    pdwFlags^ := pdwFlags^
                or SECURITY_FLAG_IGNORE_REDIRECT_TO_HTTPS
                or SECURITY_FLAG_IGNORE_REDIRECT_TO_HTTP;

gives the customer what they are looking for and satisfies the auditor.

I wondered if it could become an option instead of me changing the code each time I update.

Many thanks for your time.
Ryan

[D.Tkalcec (RTC)]

Done. Starting with the RTC SDK v7.57 (just released), you can set custom security flags for HTTPS Clients using the WinHTTP and/or WinInet APIs on Windows.

Best Regards,
Danijel Tkalcec

[Ryan]

Hi Danijel,

Many thanks for making the change so fast!

Kind regards,
Ryan