Hi Phil,

 > If you are using LoadFromUrl(), then try the following:

I am just testing your LoadFromUrl() file.
My problem is, that i have made my own CERTs, because
I don't want to pay for my testing-site.
The IE or Thunderbird just ask me, if i will accept the
cert, because it is not signed by a trusted company.
LoadFromUrl() just gives NIL back.
In the INC file I found two 'FLAG' entries wich might be usefull:

#define INTERNET_FLAG_IGNORE_CERT_DATE_INVALID  0x00002000  expired 
X509 Cert.
#define INTERNET_FLAG_IGNORE_CERT_CN_INVALID    0x00001000  bad common 
name in X509 Cert.

My Testsite is https://hubert-brandel.dyndns.org
My Cert and Key is valid for  hubert-brandel.dyndns.org
and it is not expired, just not signed from Verisign etc.

I don't know if the defines are working for me or if another is to use,
and I don't know HOW to get those Flags into the LoadFromUrl().

Which is the right parameter (and format) to give the Flags to 
LoadFromUrl() ?

Bye
Hubert

I have posted this question to the alaska-software.news.waa
and would be glad if you could give me some help.

----------------

My Homepage:

german  - www.familie-brandel.de/index.htm
english - www.familie-brandel.de/index_e.htm

Hubert,

> I am just testing your LoadFromUrl() file.
> My problem is, that i have made my own CERTs, because
> I don't want to pay for my testing-site.
> The IE or Thunderbird just ask me, if i will accept the
> cert, because it is not signed by a trusted company.
> LoadFromUrl() just gives NIL back.
> In the INC file I found two 'FLAG' entries wich might be usefull:

I've reposnded to Hubert by private email on this one, but everyone else:

Try browsing the reosurce using Internet Explorer, and when it asks you if
you accept the certificate, ask it to store the certificate in the local
store.  This may allow the certificate to be recognised by LoadFromUrl().

I'll look into this deeper later, to see if I can get LoadFromUrl() to
ignore the validity of the certificate.

Regards,

Phil Ide

***************************************
* Xbase++ FAQ, Libraries and Sources: *
* goto: http://www.idep.org.uk/xbase  *
***************************************

Okay, who put a "stop payment" on my reality check?

Hi Phil,

> Try browsing the reosurce using Internet Explorer, and when it asks you if
> you accept the certificate, ask it to store the certificate in the local
> store.  This may allow the certificate to be recognised by LoadFromUrl().

Yes this works - now I know the difference of only apply yes to use and 
install  - for me, but If you want to use it in a customer programm, 
and just use the secure internet way for crypting the transferdata ...
if the server certificates wouldn't be so expensive and have to renewed 
every year. I don't earn money with this.

> I'll look into this deeper later, to see if I can get LoadFromUrl() to
> ignore the validity of the certificate.

thanks very well. It would be fine to use a parameter to tell the 
function - high secure or just low secure ...

Bye
Hubert

----------------

My Homepage:

german  - www.familie-brandel.de/index.htm
english - www.familie-brandel.de/index_e.htm

Hubert,

>> Try browsing the reosurce using Internet Explorer, and when it asks you if
>> you accept the certificate, ask it to store the certificate in the local
>> store.  This may allow the certificate to be recognised by LoadFromUrl().
> 
> Yes this works - now I know the difference of only apply yes to use and 
> install  - for me, but If you want to use it in a customer programm, 
> and just use the secure internet way for crypting the transferdata ...
> if the server certificates wouldn't be so expensive and have to renewed 
> every year. I don't earn money with this.

Glad it helped.  However, if you have customers, then you have a source of
income which could and should pay for the certificate.  There are quite
cheap ones available now, and you may even be able to get a free one - I
think Thomas might be more helpful here.  However, for professionalism's
sake, a recognised certificate goes a long way to making people feel
secure.

>> I'll look into this deeper later, to see if I can get LoadFromUrl() to
>> ignore the validity of the certificate.
> 
> thanks very well. It would be fine to use a parameter to tell the 
> function - high secure or just low secure ...

I don't think you will be able to do it.  Self-certified certificates break
the SSL security chain by reaching an endpoint before a recognised valid
certificate is found.  You can tell Windows to ignore invalid dates and
certificates accessed via invalid domain names (since the same server might
have several domains, one of which is unavailable via DNS, or the
certificate could be installed on a test system) and since the local
machine might not be correctly configured with date/time settings.  Without
validating the certificate, the only benefit from a certificate is that
encryption can occur, but you cannot verify that the certificate has not
been spoofed or hijacked - which btw, is the primary reason for having
certificates in the first place.

Regards,

Phil Ide

***************************************
* Xbase++ FAQ, Libraries and Sources: *
* goto: http://www.idep.org.uk/xbase  *
***************************************

For NASA, space is still a high priority. - Dan Quayle

Hi Phil,

> However, if you have customers, then you have a source of
> income which could and should pay for the certificate. 

I am programming at work special software to serve our users with 
programs our big host could not handle. Nothing to do with internet etc.
My friend has sold that clipper thing and ported it to Xbase++.
He thought about serve some of his customers with more then 1 location 
in a city to have a central database additional to there local things,
but don't know how to do it, so i thougth about his problem and tried to
get it work on my own local server.
If hi had get the order he had rent a real server from big resellers 
here in germany (stratos or 1und1), but no order, no server.

I am playing with internet programming because it is fascinating and I 
can serve infos or things over the Internet FOR ME or some friends.
That's why I need a certificate, I don't want someone can sniffer my 
pasword to my own Infosystem - even there is nothing worth at all.

I do the server job with my privat PowerBasic compiler and MySQL - I 
have the prof subscription only at work - and don't want to carry my 
laptop every evening ... My friend don't have - and don't realy need -
the prof sub, so he have no asinet, that why I asked for your loadfromurl().

If I would earn money with it, I would pay for a certificate with a 
professional server (by stratos or 1und1).


> cheap ones available now, and you may even be able to get a free one - I
> think Thomas might be more helpful here.  However, for professionalism's
> sake, a recognised certificate goes a long way to making people feel
> secure.

do you mean Thomas Braun - writing here in the forum ?

----------------

My Homepage:

german  - www.familie-brandel.de/index.htm
english - www.familie-brandel.de/index_e.htm

Hi,

just to make it clear ...

> My friend don't have - and don't realy need -
> the prof sub, so he have no asinet ...

he has bought the Xbase++ with XbTools but no subscription.

Bye
Hubert

----------------

My Homepage:

german  - www.familie-brandel.de/index.htm
english - www.familie-brandel.de/index_e.htm

Hubert,

>> cheap ones available now, and you may even be able to get a free one - I
>> think Thomas might be more helpful here.  However, for professionalism's
>> sake, a recognised certificate goes a long way to making people feel
>> secure.
> 
> do you mean Thomas Braun - writing here in the forum ?

Yes 

By the sounds of your requirements, a self-cert-cert is probably a
reasonable way to go - just be aware that the first time your web browser
connects, you have to store the certificate to avoid gettong the message
every time.

Regards,

Phil Ide

***************************************
* Xbase++ FAQ, Libraries and Sources: *
* goto: http://www.idep.org.uk/xbase  *
***************************************

Use Windex On Your Windows