How To Make SSL Requests Using WinInet

Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
This article explains how to make SSL requests using the WinInet APIs.
More information
It is possible to establish a Secure Socket Layer (SSL) or PrivateCommunications Technology (PCT) HTTP session with the WinInet APIs. SecureHTTP, denoted as HTTPS://, takes place over TCP port 443. Code similar tothe following can be used to establish an HTTPS session:
   ...   hOpen = InternetOpen (...);   Connect = InternetConnect (                hOpen,                      // InternetOpen handle                "MyHttpServer",             // Server  name      INTERNET_DEFAULT_HTTPS_PORT,// Default HTTPS port - 443                "",                         // User name                "",                         //  User password                INTERNET_SERVICE_HTTP,      // Service      0,                          // Flags      0                           // Context                   );   hReq = HttpOpenRequest (                hConnect,                   // InternetConnect handle      "GET",                      // Method      "",                         // Object name      HTTP_VERSION,               // Version      "",                         // Referrer                NULL,                       // Extra headers      INTERNET_FLAG_SECURE,       // Flags      0                           // Context                );   ...				
Please note two differences when using HTTPS instead of HTTP:
  • HttpOpenRequest uses the INTERNET_FLAG_SECURE option in addition to all other options.
The following two options can be used either in HttpOpenRequest or inInternetOpenUrl to ignore invalid certificate errors:

  • INTERNET_FLAG_IGNORE_CERT_CN_INVALID - Ignores errors that can be caused by the certificate host name of the server not matching the host name in the request.
  • INTERNET_FLAG_IGNORE_CERT_DATE_INVALID - Ignores errors that can be caused by an expired server certificate.
Please see the Internet Client SDK documentation for more information onthese flags.

SSL and PCT functionality are provided by Schannel.dll, which is properlyinstalled when you run the redistribution program Wintdist.exe orWint351.exe. See Redist.txt or Axredist.txt for information aboutredistributing Schannel.dll.
Internet Client SDK Help

Article ID: 168151 - Last Review: 06/22/2014 18:21:00 - Revision: 3.0

  • kbhowto KB168151