internetsetoption is not working with INTERNET_OPTION_SECURITY_FLAGS

[AnanthV]

I am using below code in my program. Initial query function returns flags value as 256(unknown CA) error. I have used this line "Flags &= ~SECURITY_FLAG_IGNORE_UNKNOWN_CA;" to remove the unknown CA value from flag and passed the value to internetsetoption function. This internetsetoption function doesnt throw any error and also fuction also not successful. Final query function also returns same value 256 instead of giving value as 0
Can you please clarify why the flag value is not set when is used set function?

Code:

uint32 Flags=0;

uint32 Flags_test=0;

uint32 Length = sizeof(Flags);

if (!InternetQueryOption(Handle, INTERNET_OPTION_SECURITY_FLAGS, &Flags,&Length))
{
if any erro logged here
}

Flags &= ~SECURITY_FLAG_IGNORE_UNKNOWN_CA;

if (!InternetSetOption(Handle, INTERNET_OPTION_SECURITY_FLAGS, &Flags, sizeof(uint32))) 
{

if any erro logged here
}

if (!InternetQueryOption(Handle, INTERNET_OPTION_SECURITY_FLAGS, &Flags,&Length))
{
if any erro logged here
}

[Codeplug]

How To Handle Invalid Certificate Authority Error with WinInet
>> dwFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;

gg

[AnanthV]

Hi, The above one points to set the unknown CA flag. My goal is to remove already stored flag "Security_flag_ignore_unknown_ca" in the handle.

In detail, I have set the flag case 1 and case 2 based on my configuration value in my product for HTTPS self signed certificate communication. Suppose if i use the case 1 flag, then i am getting the security warning pop up continuously for subsequent https connection without any issues.If i use the case 2 flag, then i am getting the security warning only one time for HTTPS connection.It is not showing security warning for susbsequent Https connection. Is this expected one? Is there any cache value stored if i press yes in the security warning pop up?
Suppose if i use case 2 flag and then case 1 flag after changing the configured value, then i am not at all getting security warning pop up. How to get the security warning pop up in this case? if cache value is stored, then how to clean up the cache by using any fucntion? In this case, if i restart the product, then i am getting security warning pop up.
case 1:
Flags |= SECURITY_FLAG_IGNORE_REVOCATION;
case 2:
Flags &= ~SECURITY_FLAG_IGNORE_REVOCATION;
Security WARNING POP UP:
This page requires a secure connection which includes server authentication. The certifcate Issuer for this site is untrusted or unknown. Do you wish to proceed?

[Codeplug]

>> It is not showing security warning for susbsequent Https connection. Is this expected one?
InternetErrorDlg function (Windows)
Are you using FLAGS_ERROR_UI_FLAGS_CHANGE_OPTIONS? If so, remove that flag and see if the popup occurs on each connect.

>> SECURITY_FLAG_IGNORE_REVOCATION
That is different from "Unknown CA".

gg

[AnanthV]

Thanks for you guidance.


I have tried by removing "FLAGS_ERROR_UI_FLAGS_CHANGE_OPTIONS" in the InternetErrorDlg function, then also i am facing the same issues.


I understand that "SECURITY_FLAG_IGNORE_REVOCATION" is different from unknow CA. In my case, when i set the flag "SECURITY_FLAG_IGNORE_REVOCATION", then i am getting continuous security warning popup and there is no flag set at the time of Httpopenrequest handle.


when there is no "SECURITY_FLAG_IGNORE_REVOCATION" flag, then i am not getting continuous security warning only two times recived that warning and there is some flag set 0x20000101 (SECURITY_FLAG_STRENGTH_STRONG,SECURITY_FLAG_SECUR E and SECURITY_FLAG_IGNORE_UNKNOWN_CA) by default when i troublshooting the code. I havent set those 3 flags in my code explicitly. I feel that i may get security warning pop up continuously when i removed those 3 flags. but inetnetset option failed to remove those 3 flags. Whether wininet API set those 3 flags. How to remove those 3 flags to show security warning pop up.

[AnanthV]

Can you please have any update for this?