Thread: retrieve the client certificate chain from an ISAPI request

  1. 02-13-2012 #1
    plibin
    plibin is offline
    Registered User
    Join Date
    Feb 2012
    Posts
    2

    retrieve the client certificate chain from an ISAPI request

    I would like to retrieve the entire client certificate chain from a request in ISAPI.I already succeeded to get the first certificate in the client's certificate chain by invoking the code below:

    LPEXTENSION_CONTROL_BLOCK ecb_    ;
    ...
    CERT_CONTEXT_EX cce    ;
    memset    (&cce,0,sizeof(CERT_CONTEXT_EX));
    char certbuf[64*1024];
    cce    .cbAllocated =sizeof(certbuf);
    cce    .CertContext.pbCertEncoded =(BYTE *)&certbuf;
    ecb_    ->ServerSupportFunction(ecb_->ConnID, HSE_REQ_GET_CERT_INFO_EX,&cce,0,0)

    However, I did not find out how to retrieve the rest of the certificate chain from this CERT_CONTEXT_EX struct.
  2. 02-13-2012 #2
    Salem
    Salem is offline
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,659
    Changed this
    [COLOR=#000000 ]
    LPEXTENSION_CONTROL_BLOCK ecb_[/COLOR ][COLOR=#000000 ];[/COLOR ][COLOR=#000000 ]
    [/COLOR ][COLOR=#000000 ]...[/COLOR ][COLOR=#000000 ]
    CERT_CONTEXT_EX cce[/COLOR ][COLOR=#000000 ];[/COLOR ][COLOR=#000000 ]


    Into this
    Code:
    LPEXTENSION_CONTROL_BLOCK ecb_;
...
CERT_CONTEXT_EX cce;
memset(&cce,0,sizeof(CERT_CONTEXT_EX));
char certbuf[64*1024];
cce.cbAllocated =sizeof(certbuf);
cce.CertContext.pbCertEncoded =(BYTE *)&certbuf;
ecb_->ServerSupportFunction(ecb_->ConnID, HSE_REQ_GET_CERT_INFO_EX,&cce,0,0)
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
  3. 02-13-2012 #3
    Salem
    Salem is offline
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,659
    > ServerSupportFunction
    ServerSupportFunction Extension Function
    Returns a boolean, and sets an error status you can retrieve with getLastError()

    I suggest you start with that, then you can provide more information.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
  4. 02-14-2012 #4
    plibin
    plibin is offline
    Registered User
    Join Date
    Feb 2012
    Posts
    2
    The example that I showed actually works properly and returns the end client certificate, as I mentioned in my first post. I want to get the entire client certificate chain, and have no idea how to accomplish this.

    Quote Originally Posted by Salem View Post
    > ServerSupportFunction
    ServerSupportFunction Extension Function
    Returns a boolean, and sets an error status you can retrieve with getLastError()

    I suggest you start with that, then you can provide more information.
  5. 02-14-2012 #5
    adeyblue
    adeyblue is offline
    'Allo, 'Allo, Allo
    Join Date
    Apr 2008
    Posts
    639
    So you want to Get a Certificate Chain for a Cert? This cryptically named function looks like it might help CertGetCertificateChain function (Windows)
« Previous Thread | Next Thread »
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. ISAPI Filter Code
    By bfreshour in forum C++ Programming
    Replies: 1
    Last Post: 03-11-2010, 06:48 AM
  2. ISAPI unicode filenames
    By Mackan2009 in forum C++ Programming
    Replies: 15
    Last Post: 11-30-2009, 12:20 AM
  3. Trouble with client GET request path
    By NuNn in forum C Programming
    Replies: 1
    Last Post: 02-25-2009, 03:34 PM
  4. ISAPI problem with IIS 6.0
    By Elkvis in forum Windows Programming
    Replies: 3
    Last Post: 08-25-2008, 08:04 PM
  5. c++ ISAPI fails to call VB dll
    By froque in forum Windows Programming
    Replies: 0
    Last Post: 08-22-2003, 02:06 AM