WebInputStream: Patch for redirects and SSL certificates


#1

While trying to design a C++ module for dealing with OAuth, I noticed that I would get many dead-ends because WebInputStream is setup with more defaults than meets the eye.

My networking knowledge is subpar to say the least, but I found a solution that lets my OAuth code work with different servers (e.g.: SoundCloud, GitHub).

Windows' HttpOpenRequest() is setup to allow handling of redirects by default, likewise SSL certificates. JUCE's code doesn't allow the users to deal with any of this, so I figure modifying the flags for creating an HINTERNET in the back-end is the best way since it lets the servers ignore SSL certs and avoid doing redirects.

A couple sources:

http://stackoverflow.com/questions/14071099/openssl-wininet-client
http://www.vbforums.com/showthread.php?659350-RESOLVED-HttpSendRequest-redirects-GetFinalURL


Somewhere in juce_win32_Network.cpp:


void openHTTPConnection (URL_COMPONENTS& uc, URL::OpenStreamProgressCallback* progressCallback,
                             void* progressCallbackContext)
    {
        const TCHAR* mimeTypes[] = { _T("*/*"), nullptr };
        DWORD flags = INTERNET_FLAG_RELOAD | INTERNET_FLAG_NO_CACHE_WRITE | INTERNET_FLAG_NO_COOKIES
                      | INTERNET_FLAG_NO_AUTO_REDIRECT | SECURITY_SET_MASK;
        if (address.startsWithIgnoreCase ("https:"))
            flags |= INTERNET_FLAG_SECURE; // (this flag only seems necessary if the OS is running IE6 -
                                           //  IE7 seems to automatically work out when it's https)
        request = HttpOpenRequest (connection, isPost ? _T("POST") : _T("GET"),
                                   uc.lpszUrlPath, 0, 0, mimeTypes, flags, 0);
        if (request != 0)
        {
            DWORD dwFlags;
            DWORD dwBuffLen = sizeof (DWORD);
            InternetQueryOption (request, INTERNET_OPTION_SECURITY_FLAGS, (LPVOID) &dwFlags, &dwBuffLen);
            dwFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_SET_MASK;
            InternetSetOption (request, INTERNET_OPTION_SECURITY_FLAGS, &dwFlags, sizeof (dwFlags));

#2

Cool, thanks Joel, that seems to make sense!