WinHttpSyncHttpClient cannot disable VerifySSL

[PoundKey]

This might be a bug in the WinHttpSyncHttpClient.
File link: HERE

Line #99

if (!WinHttpSetOption(GetOpenHandle(), WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags))) {
     AWS_LOGSTREAM_FATAL(GetLogTag(), "Failed to turn ssl cert ca verification off.");
}

WINHTTP_OPTION_SECURITY_FLAGS cannot be set using the Session handle returned from GetOpenHandle(). According this the official API HERE. In this case, the code block should always return true.

It can be set using the RequestHandle, which is similar to function void* WinHttpSyncHttpClient::OpenRequest Line# 149

if (!WinHttpSetOption(hHttpRequest, WINHTTP_OPTION_DISABLE_FEATURE, &requestFlags, sizeof(requestFlags))) {
   AWS_LOGSTREAM_FATAL(GetLogTag(), "Failed to turn off redirects!");
}

Due to the problem mentioned above, verifying server certificate can not be turned off on Windows 10 and Server 2016 (For some reason, Win 7 bears it)

Thanks

[singku]

Thank you for reporting these defects to us, will fix them soon.

On Thu, Aug 3, 2017 at 6:24 PM CX ***@***.***> wrote: This might be a bug in the WinHttpSyncHttpClient. File link: HERE <https://github.com/aws/aws-sdk-cpp/blob/master/aws-cpp-sdk-core/source/http/windows/WinHttpSyncHttpClient.cpp> Line #99 <#99> if (!WinHttpSetOption(GetOpenHandle(), WINHTTP_OPTION_SECURITY_FLAGS, &flags, sizeof(flags))) { AWS_LOGSTREAM_FATAL(GetLogTag(), "Failed to turn ssl cert ca verification off."); } WINHTTP_OPTION_SECURITY_FLAGS cannot be set using the Session handle returned from GetOpenHandle(). According this the official API HERE <https://msdn.microsoft.com/en-us/library/windows/desktop/aa384066(v=vs.85).aspx>. In this case, the code block should always return true. It can be set using the RequestHandle, which is similar to function void* WinHttpSyncHttpClient::OpenRequest Line# 149 if (!WinHttpSetOption(hHttpRequest, WINHTTP_OPTION_DISABLE_FEATURE, &requestFlags, sizeof(requestFlags))) { AWS_LOGSTREAM_FATAL(GetLogTag(), "Failed to turn off redirects!"); } Due to the problem mentioned above, verifying server certificate cannot not be turned off on Windows 10 and Server 2016 (For some reason, Win 7 bears it) Thanks — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#629>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADTsCEkHlMuaorRWn0_L50chWVi4PLcrks5sUnLYgaJpZM4OtK6n> .

-- Best Regards! Liang. ------------------ Software Engineer Game Developer

[PoundKey]

No problem.
This pull request describes the issue fairly well:
https://github.com/aws/aws-sdk-cpp/pull/492/commits

[singku]

Now I understand that part of discussion, thank you. And We have done a similar fix for http proxy setting, it's also only suitable for request handler.

[singku]

Fixed, will push out soon