Geek Answers Handbook

WinHttp does not boot from Amazon S3 to WinXP

Amazon recently turned off SSL support for S3 codes, and it seems to be causing problems with Windows XP SP3. I am using this code

hSession = WinHttpOpen(L"MySession", WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, WINHTTP_NO_PROXY_NAME, WINHTTP_NO_PROXY_BYPASS, 0); if (bHTTPS) { DWORD flags = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1; WinHttpSetOption(hSession, WINHTTP_OPTION_SECURE_PROTOCOLS, &flags, sizeof(flags)); } port = bHTTPS ? INTERNET_DEFAULT_HTTPS_PORT : INTERNET_DEFAULT_HTTP_PORT; hConnect = WinHttpConnect(hSession, srv_w, port, 0); hRequest = WinHttpOpenRequest(hConnect, vrb_w, adr_w, NULL, WINHTTP_NO_REFERER, NULL, WINHTTP_FLAG_REFRESH | (bHTTPS ? WINHTTP_FLAG_SECURE : 0)); if (bHTTPS) { DWORD dwSecFlag = SECURITY_FLAG_IGNORE_CERT_CN_INVALID | SECURITY_FLAG_IGNORE_CERT_DATE_INVALID | SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE; WinHttpSetOption(hRequest, WINHTTP_OPTION_SECURITY_FLAGS, &dwSecFlag, sizeof(dwSecFlag)); } WinHttpSendRequest(hRequest, hdr_w, (headers != NULL) ? -1 : 0, data, size, size, 0); WinHttpReceiveResponse(hRequest, NULL);

This works on Win7 and works about a month ago on WinXP. But now I get WinHttp error 12152: the server returned an invalid or unrecognized response. I turned on tracing and the log file has a different error:

 17:47:47.057 ::*0000001* :: WinHttpSendRequest(0x10a0000, "", 0, 0x0, 0, 0, 0) 17:47:47.135 ::*0000001* :: "s3.amazonaws.com" resolved 17:47:47.307 ::*0000001* :: Winsock/RPC/SSL/Transport error: 0x90312 [SEC_I_CONTINUE_NEEDED]

Is there a way to fix this problem without using third-party libraries? (browsers, including IE, download files without problems).

+5
source share
3 answers

I have the same problem. I think this may be caused by the SSL_RSA_WITH_3DES_EDE_SHA encryption issue selected in WinHTTP on XP. Try this as a test: On an XP machine, add a new DWORD value called Enabled:

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168

This disables this cipher and seems to fix the problem for me. However, this is not an ideal solution, and I'm still not sure about the underlying problem. Perhaps a problem with any Amazon crypto provider?

+1
source

I managed to redo the code and use WinInet, which works great.

 hInternet = InternetOpen("myapp", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0); hConnect = InternetConnect(hInternet, server, port, NULL, NULL, INTERNET_SERVICE_HTTP, 0, NULL); const char *accept_types[] = { "*/*", NULL }; DWORD flags = INTERNET_FLAG_NO_UI | INTERNET_FLAG_SECURE; hRequest = HttpOpenRequest(hConnect, verb, addr, NULL, NULL, accept_types, flags, NULL); bResults = HttpSendRequest(hRequest, headers, -1, data, size); bResults = HttpQueryInfo(hRequest, HTTP_QUERY_STATUS_CODE, tmp_buf, &buf_sz, NULL); // check for 200 here... bResults = HttpQueryInfo(hRequest, HTTP_QUERY_CONTENT_LENGTH, tmp_buf, &buf_sz, NULL); // allocate a buffer here INTERNET_BUFFERS buf = { sizeof(INTERNET_BUFFERS) }; buf.lpvBuffer = &buffer[0]; buf.dwBufferTotal = content_length; // read using InternetReadFileEx or InternetReadFile

the code does not have an explicit TLS declaration, but if the server only supports TLS, the client will have no choice.

0
source

Assuming you keep your insecure dwFlags , you can disable HTTPS.
You completely ignore any SSL errors and allow a lot of attacks and content manipulation.

So, if you do not care about security, why use HTTPS?

Just get around:
You must take care of security and remove these unsafe flags.

-1
source

More articles:


All Articles