Re: Https Upload/Download need

You're both right.

I've recently had to implement a security solution using Internet Explorer to handle a situation as described by Henrick. It wasn't enough to just suppress the error as that would have negative consequences on other sites.

It works well and is tightly integrated with the system configuration that most users already have installed on their system (XP + Internet Explorer). But it is not in any way for the faint of heart to implement. It's a serious undertaking. And there can be substantial security differences between versions of IE.

If all you need to do is suppress the cert error I can show you how to do that very easily using IE. If you need a more robust solution you may be better served using a more pluggable solution as Henrick mentioned.

I've used his products before and find them to be top-notch. And while that may seem, on the surface, to require more work I can't imagine that to be true.

Windows and IE through com interfaces is still too much of a black box (and too much at the whim of MS) for most Delphi programmers when you get into the deeper parts of the system.


Wealth and Abundance,

Matt Harward

Henrick Hellström [StreamSec] wrote:
danny heijl wrote:
The second reason is that WinInet will also prompt you if you are connecting to a site that is authenticated by a server certificate issued by an authority that is not (directly or indirectly) recognized as a root authority by Windows.

You can suppress most server certificate errors in code, but I haven't had to try to suppress this one yet.

That is not an appropriate solution. The condition isn't an error; you just don't want to take the correct step for making CAPI recognize the condition as not being an error (i.e. you don't want install your own root ca certificate with Windows). If you write your own code for verifying the certificate chain when you catch that error, you might just as well use StreamSec Tools that will do it for you.
.