I'm trying to supress SSL warnings inside a IE BHO where I am using
MSHTML classes to manipulate the incoming HTML DOM. I am using the
Passthrough Asynchronous Pluggable Protocol classes generously
provided by Igor Tandetnik on these forums. My approach was to use
InternetSetOption inside the ReportProgress method
STDMETHODIMP CHttpTraffic::ReportProgress(
/* [in] */ ULONG ulStatusCode,
/* [in] */ LPCWSTR szStatusText)
{
ATLASSERT(m_spInternetProtocolSink != 0);
HRESULT hr = m_spInternetProtocolSink ?
m_spInternetProtocolSink->ReportProgress(ulStatusCode,
szStatusText) :
S_OK;
if (ulStatusCode == BINDSTATUS_CONNECTING)
{
DWORD dwFlag = SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_WRONG_USAGE;
BOOL bRet = InternetSetOption(NULL, INTERNET_OPTION_SECURITY_FLAGS,
(LPVOID)dwFlag, sizeof(dwFlag));
}
return S_OK;
}
The problem is that I do not know the HINTERNET handle that needs to
be passed to InternetSetOption. I can't seem to figure out how to
extract this handle from inside the APP. The IWinInetInfo and
IWinInetHttpInfo interfaces only seem to allow one to execute
QueryOption and not SetOption.
I am not even sure that the technique mentioned above is the best way
to accomplish this.
Is there any other way to suppress the following SSL warnings:
SECURITY_FLAG_IGNORE_CERT_CN_INVALID,
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID,
SECURITY_FLAG_IGNORE_UNKNOWN_CA and SECURITY_FLAG_IGNORE_WRONG_USAGE.
Any suggestions are welcome.
Thanks in advance.
