I am getting status code 404 for the below code snippet.
Note: please add <HOSTNAME> when you are trying to figure out the issue.
HINTERNET m_hConnect;
HINTERNET m_hSession;
HINTERNET m_hRequest;
m_hSession = WinHttpOpen(userAgent,
WINHTTP_ACCESS_TYPE_NO_PROXY,
WINHTTP_NO_PROXY_NAME,
WINHTTP_NO_PROXY_BYPASS, 0);
if (!m_hSession) {
printf("WinHttpOpen:Error %d has occurred.",GetLastError());
return 0;
}
// connect to the IPP server on the given port
m_hConnect = WinHttpConnect( m_hSession, <HOSTNAME>, 443, 0);
if (!m_hConnect) {
printf("WinHttpConnect: Error %d has occurred.",GetLastError());
return 0;
}
// Create an HTTP Request handle.
m_hRequest = WinHttpOpenRequest(m_hConnect, L"POST" ,L"/ipp",
L"HTTP/1.1", WINHTTP_NO_REFERER,
WINHTTP_DEFAULT_ACCEPT_TYPES,WINHTTP_FLAG_SECURE);
if (!m_hRequest) {
printf("WinHttpOpenRequest:Error %d has occurred.",GetLastError());
return 0;
}
DWORD secureflags = SECURITY_FLAG_IGNORE_UNKNOWN_CA | SECURITY_FLAG_IGNORE_CERT_CN_INVALID |SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE | SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
BOOL bResult= WinHttpSetOption(m_hRequest, WINHTTP_OPTION_SECURITY_FLAGS, (LPVOID)&secureflags, sizeof(secureflags));
if (!bResult) {
printf("WinHttpSetOption:Error %d has occurred.",GetLastError());
return 0;
}
bResult = WinHttpSendRequest(m_hRequest, WINHTTP_NO_ADDITIONAL_HEADERS,0,WINHTTP_NO_REQUEST_DATA,0,0,0);
if (!bResult) {
printf("WinHttpSendRequest:Error %d has occurred.",GetLastError());
return 0;
}
if( !WinHttpReceiveResponse( m_hRequest, NULL ) )
{
if( GetLastError( ) == ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED )
{
HCERTSTORE hMyStore = 0;
PCCERT_CONTEXT pCertContext = 0;
WCHAR szCertName[256]={0};
//MY is the store the certificate is in.
hMyStore = CertOpenSystemStore( 0, TEXT("MY") );
if( hMyStore )
{
pCertContext = CertFindCertificateInStore( hMyStore,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_STR,
(LPVOID) szCertName, //Subject string in the certificate.
NULL );
if( pCertContext )
{
WinHttpSetOption( m_hRequest,
WINHTTP_OPTION_CLIENT_CERT_CONTEXT,
(LPVOID) pCertContext,
sizeof(CERT_CONTEXT) );
CertFreeCertificateContext( pCertContext );
}
CertCloseStore( hMyStore, 0 );
// NOTE: Application should now resend the request.
bResult = WinHttpSendRequest(m_hRequest, WINHTTP_NO_ADDITIONAL_HEADERS,0,WINHTTP_NO_REQUEST_DATA,0,0,0);
if (!bResult) {
printf("WinHttpSendRequest:Error %d has occurred.",GetLastError());
return 0;
}
}
}
}
DWORD dwStatusCode = 0;
DWORD dwSize = sizeof(DWORD);
BOOL bResults = true;
bResults = WinHttpQueryHeaders( m_hRequest, WINHTTP_QUERY_STATUS_CODE | WINHTTP_QUERY_FLAG_NUMBER, NULL, &dwStatusCode, &dwSize, NULL );
Result: I am getting status code of 404. I am not able to figure out why it is happening.
Using WinINet, I have followed the same procedure, I am getting status code of 200, which is success. But my requirement is to use only WinHttp.
This is not a mystery. It is happening because the resource you request was not found.
Either:
The URL you used was incorrect, or
The mapping of URLs to resources at the server isn't correct.
Related
#define CA "/mnt/key/ca.crt"
#define CLIENT_KEY "/mnt/key/client.key"
#define CLIENT_CRT "/mnt/key/client.crt"
void onConnectFailure(void *context, MQTTAsync_failureData *response)
{
finished = 1;
printf("[CS55]Connect failed, rc %d\n", response ? response->code : 0);
delay(1000);
connect_server();
}
void connect_server()
{
if (MQTTAsync_connect(client, &conn_opts) != MQTTASYNC_SUCCESS)
{
printf("[CS55]connect_server()\n");
finished = 1;
}
}
void mqtt_connect()//连接
{
MQTTAsync_SSLOptions ssl_opts = MQTTAsync_SSLOptions_initializer;
pthread_mutex_init(&serial_mute, NULL); //互斥锁
MQTTAsync_create(&client, mqtt_addr, client_id, MQTTCLIENT_PERSISTENCE_NONE, NULL);
MQTTAsync_setCallbacks( //设置回调
client,
NULL,
connlost,
msgarrvd,
NULL);
conn_opts.keepAliveInterval = 20;
conn_opts.cleansession = 1;
conn_opts.onSuccess = onConnect;
conn_opts.onFailure = onConnectFailure;
conn_opts.username = username;
conn_opts.password = password;
conn_opts.context = client;
ssl_opts.struct_version = 5;
ssl_opts.sslVersion = MQTT_SSL_VERSION_TLS_1_2;
ssl_opts.verify = true;
ssl_opts.keyStore = CLIENT_KEY;
ssl_opts.trustStore = CLIENT_CRT;
ssl_opts.enableServerCertAuth = true;
ssl_opts.CApath = CA;
conn_opts.ssl = &ssl_opts;
// ssl_opts.enabledCipherSuites = "TLSv1";
int rc;
if ((rc = MQTTAsync_connect(client, &conn_opts))!= MQTTASYNC_SUCCESS)
{
printf("[CS55]MQTTAsync_connect return %d\n",rc);
finished = 1;
}
// connect_server(); //开始请求连接服务器
while (subscribe_fail != 1) //while(订阅成功)
{
delay(1000); //延迟1000ms
}
MQTTAsync_disconnectOptions disc_opts = MQTTAsync_disconnectOptions_initializer;
disc_opts.onSuccess = onDisconnect;
rc = MQTTAsync_disconnect(client, &disc_opts);
if (rc != MQTTASYNC_SUCCESS)
{
//printf("Failed to start disconnect, return code %d\n", rc);
}
MQTTAsync_destroy(&client);
}
log:
[CS55]Connect failed, rc -1
[CS55]Connect failed, rc -1
[CS55]Connect failed, rc -1
[CS55]Connect failed, rc -1
After I start the program, I will execute the callback function onConnectFailure, and then print the log of connection failure all the time. After debugging for a long time, I don't know where the problem is. I may need help。
I tried to add certificate authentication in mqtt, but I couldn't connect to the server. I didn't find a reference use case. If so, please share it with me
connopts.ssl = &ssl_opts;
connopts.ssl->trustStore = CA;
connopts.ssl->privateKey = CLIENT_KEY;
connopts.ssl->keyStore = CLIENT_CRT;
connopts.ssl->enableServerCertAuth = ture;
connopts.ssl->verify = true;
Refer to the above code, pay attention to using SSL protocol when connecting to the server ssl://11.22.33.44 :8883。
I'm trying to use a PS3eye camera on Windows 10 with DirectShow sdk.
I've installed the driver and tested in AMCap that the PS3eye is working.
When in VS 2015, I defined a CCameraDS class with a function called CameraCount(), but when I call this function it always returns me 1 which represents the EasyCamera of my laptop. Am I missing something?
int CCameraDS::CameraCount()
{
int count = 0;
CoInitialize(NULL);
// enumerate all video capture devices
ICreateDevEnum *pCreateDevEnum = 0;
HRESULT hr = CoCreateInstance(CLSID_SystemDeviceEnum, NULL, CLSCTX_INPROC_SERVER,
IID_ICreateDevEnum, (void**)&pCreateDevEnum);
IEnumMoniker *pEm = 0;
hr = pCreateDevEnum->CreateClassEnumerator(CLSID_VideoInputDeviceCategory, &pEm, 0);
if (hr != NOERROR)
{
return count;
}
pEm->Reset();
ULONG cFetched;
IMoniker *pM;
while(hr = pEm->Next(1, &pM, &cFetched), hr==S_OK)
{
count++;
}
pCreateDevEnum = NULL;
pEm = NULL;
return count;
}
To verify, I have another method called CameraName(),
int CCameraDS::CameraName(int nCamID, char* sName, int nBufferSize)
{
int count = 0;
CoInitialize(NULL);
// enumerate all video capture devices
ICreateDevEnum *pCreateDevEnum = 0;
HRESULT hr = CoCreateInstance(CLSID_SystemDeviceEnum, NULL, CLSCTX_INPROC_SERVER, IID_ICreateDevEnum, (void**)&pCreateDevEnum);
IEnumMoniker *pEm = 0;
hr = pCreateDevEnum->CreateClassEnumerator(CLSID_VideoInputDeviceCategory, &pEm, 0);
if (hr != NOERROR) return 0;
pEm->Reset();
ULONG cFetched;
IMoniker *pM;
while(hr = pEm->Next(1, &pM, &cFetched), hr==S_OK)
{
if (count == nCamID)
{
IPropertyBag *pBag=0;
hr = pM->BindToStorage(0, 0, IID_IPropertyBag, (void **)&pBag);
if(SUCCEEDED(hr))
{
VARIANT var;
var.vt = VT_BSTR;
hr = pBag->Read(L"FriendlyName", &var, NULL);
if(hr == NOERROR)
{
WideCharToMultiByte(CP_ACP,0,var.bstrVal,-1,sName, nBufferSize ,"",NULL);
SysFreeString(var.bstrVal);
}
pBag->Release();
}
pM->Release();
break;
}
count++;
}
pCreateDevEnum = NULL;
pEm = NULL;
return 1;
}
When I input 0, I have EasyCamera returned, but input 1 with nothing output. Where is the problem?
Problem solved.
In fact, the PS3eye driver as well as AMCap software are both compiled under x86 environment, since I used x64 environment, the driver wasn't working I think.
I didn't expect this to be the solution but it does solve the problem.
I have a client that connects to LDAP server using TLS. For this connection, I want to enable CRL check and reject the connection only if any server/client certificates are revoked.
In special cases (like CRL missing, CRL expired) I want to ignore the error and establish the connection.
So I though to overwrite the default SSL verify call back to ignore the specific errors.
But the call back is not called at all. Always only default call-back is called.
Here is my call back:
static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
X509* cert = X509_STORE_CTX_get_current_cert(ctx);
if (ok)
return ok;
int sslRet = X509_STORE_CTX_get_error(ctx);
const char* err = NULL;
switch (sslRet)
{
case X509_V_ERR_UNABLE_TO_GET_CRL:
case X509_V_ERR_CRL_HAS_EXPIRED:
case X509_V_ERR_CRL_NOT_YET_VALID:
printf( "CRL: Verification failed... but ignored : %d\n", sslRet);
return 1;
default:
err = X509_verify_cert_error_string(sslRet);
if (err)
printf( "CRL: Failed to verify : %s\n",err);
return 0;
}
return sslRet;
}
Default verify call-back is overwritten using the ldap call-back set option:
void ldap_tls_cb(LDAP * ld, SSL * ssl, SSL_CTX * ctx, void * arg)
{
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER , verify_callback);
printf("verify call back is set...\n");
return;
}
Main Program:
int main( int argc, char **argv )
{
LDAP *ldap;
int auth_method = LDAP_AUTH_SIMPLE; //LDAP_AUTH_SASL
int ldap_version = LDAP_VERSION3;
char *ldap_host = "10.104.40.35";
int ldap_port = 389;
if ( (ldap = ldap_init(ldap_host, ldap_port)) == NULL ) {
perror( "ldap_init failed" );
return( EXIT_FAILURE );
}
int result = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
if (result != LDAP_OPT_SUCCESS ) {
ldap_perror(ldap, "ldap_set_option failed!");
return(EXIT_FAILURE);
}
int requireCert = LDAP_OPT_X_TLS_DEMAND;
result = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &requireCert);
if (result != LDAP_OPT_SUCCESS ) {
ldap_perror(ldap, "ldap_set_option - req cert -failed!");
return(EXIT_FAILURE);
}
result = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, "/etc/certs/Cert.pem");
if (result != LDAP_OPT_SUCCESS ) {
ldap_perror(ldap, "ldap_set_option - cert file - failed!");
return(EXIT_FAILURE);
}
int crlvalue = LDAP_OPT_X_TLS_CRL_ALL;
result =ldap_set_option(NULL, LDAP_OPT_X_TLS_CRLCHECK, &crlvalue);
if (result != LDAP_OPT_SUCCESS ) {
ldap_perror(ldap, "ldap_set_option failed!");
return(EXIT_FAILURE);
}
int debug = 7;
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &debug);
result = ldap_set_option(ldap, LDAP_OPT_X_TLS_CONNECT_CB, (void *)ldap_tls_cb);
if (result != LDAP_SUCCESS) {
fprintf(stderr, "ldap_set_option(LDAP_OPT_X_TLS_CONNECT_CB): %s\n", ldap_err2string(result));
return(1);
}
int msgidp = 0;
result = ldap_start_tls(ldap,NULL,NULL,&msgidp);
if (result != LDAP_OPT_SUCCESS ) {
ldap_perror(ldap, "start tls failed!");
return result;
} else {
printf("Start tls success.\n");
}
LDAPMessage *resultm;
struct timeval timeout;
result = ldap_result(ldap, msgidp, 0, &timeout, &resultm );
if ( result == -1 || result == 0 ) {
printf("ldap_result failed;retC=%d \n", result);
return result;
}
result = ldap_parse_extended_result(ldap, resultm, NULL, NULL, 0 );
if ( result == LDAP_SUCCESS ) {
result = ldap_install_tls (ldap);
printf("installing tls... %s\n", ldap_err2string(result));
}
int request_id = 0;
result = ldap_sasl_bind(ldap, "", LDAP_SASL_SIMPLE, NULL, 0, 0, &request_id);
if ( result != LDAP_SUCCESS ) {
fprintf(stderr, "ldap_x_bind_s: %s\n", ldap_err2string(result));
printf("LDAP bind error .. %d\n", result);
return(EXIT_FAILURE);
} else {
printf("LDAP connection successful.\n");
}
ldap_unbind(ldap);
return(EXIT_SUCCESS);
}
can someone help to check why my verify call-back is not called?
I think you need to set the callback on the SSL object directly instead of the context, so
void ldap_tls_cb(LDAP * ld, SSL * ssl, SSL_CTX * ctx, void * arg)
{
SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_callback);
printf("verify call back is set...\n");
return;
}
The reason for this is that the SSL handle has already been initialised by the time your connect callback is called (see the OpenLDAP code), and
it's too late to set this callback through the context at that point:
If no special callback was set before, the default callback for the underlying ctx is used, that was valid at the time ssl was created with SSL_new(3).
OpenLDAP can be built with GnuTLS, so you may need to check that it's using OpenSSL before setting the callback. The LDAP_OPT_X_TLS_PACKAGE option could be used for this (note that I haven't tested this code):
char* package = NULL;
int result = ldap_get_option(NULL, LDAP_OPT_X_TLS_PACKAGE, (void *)&package);
if (result != LDAP_OPT_SUCCESS) {
ldap_perror(ldap, "ldap_get_option failed!");
return(EXIT_FAILURE);
} else {
if (strcmp(package, "OpenSSL") == 0) {
// Set your callback
}
ldap_memfree(package);
}
Here's my simple openssl client test case trying to connect to google.com:443.
According to the manual, BIO_do_connect should return 1, 0 or -1.
Google didn't find me anyone for whom it returns 0, which it does for me.
#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
int main()
{
SSL_load_error_strings();
SSL_library_init();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
SSL_CTX *p_ssl_ctx = NULL;
SSL *p_ssl = NULL;
BIO * bio = NULL;
int r = 0;
// init ssl context
p_ssl_ctx = SSL_CTX_new(SSLv2_client_method()); /* Create new context */
if (p_ssl_ctx == NULL)
{
ERR_print_errors_fp(stderr);
return 3;
}
const char *store_path = "/etc/ssl/certs/ca-certificates.crt";
r = SSL_CTX_load_verify_locations(p_ssl_ctx, store_path, NULL);
if (r == 0) {
fprintf(stderr, "Unable to load the trust store from %s.\n", store_path);
return 4;
}
bio = BIO_new_ssl_connect(p_ssl_ctx);
if (!bio) {
fprintf(stderr, "no bio \n");
return 5;
}
BIO_get_ssl(bio, &p_ssl);
if (!(p_ssl)) {
fprintf(stderr, "no ssl\n");
return 6;
}
SSL_set_mode(p_ssl, SSL_MODE_AUTO_RETRY);
BIO_set_conn_hostname(bio, "www.google.com:443");
r = BIO_do_connect(bio);
if (r < 1) {
fprintf(stderr, "BIO_new_ssl_connect failed: %lu (0x%lx)\n", r, r);
fprintf(stderr, "Error: %s\n", ERR_reason_error_string(ERR_get_error()));
fprintf(stderr, "%s\n", ERR_error_string(ERR_get_error(), NULL));
ERR_print_errors_fp(stderr);
perror("bio");
return 7;
}
if (SSL_get_verify_result(p_ssl) != X509_V_OK) {
fprintf(stderr, "Unable to verify connection result.\n");
return 8;
}
return 0;
}
returns:
BIO_new_ssl_connect failed: 0 (0x0)
Error: (null)
error:00000000:lib(0):func(0):reason(0)
bio: Success
so how do i get the actual error out of this?
For getting the last state of your SSL connection in your code you can add something like fprintf(stderr,"p_ssl state: %s\n",SSL_state_string_long(p_ssl));.
More generally I suggest you to add an info callback like this : http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html
For your case, you must replace SSLv2_client_method() by something like TLSv1_client_method().
Following is the function I wrote to capture IPv6 multicast data coming on multicast address ff02::1 and port 9154.
This code works fine on Windows Vista and Windows 7. But I am unable to capture the same traffic for Windows 8 (none of the winsock functions returns error for Win8).
Using netstat I am able to verify that my application is using this port.
Can any one help?
void func()
{
int multicastChannel = 0;
char multicastIP[] = "FF02::1";
char multicastPort[] = "9154";
ADDRINFO* multicastAddr = NULL;
ADDRINFO* localAddr = NULL;
ADDRINFO hints = { 0 };
struct ipv6_mreq multicastRequest6;
hints.ai_family = PF_UNSPEC;
hints.ai_flags = AI_NUMERICHOST;
if ( getaddrinfo(multicastIP, NULL, &hints, &multicastAddr) != 0 )
{
printf("getaddrinfo() failed");
return;
}
hints.ai_family = multicastAddr->ai_family;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_flags = AI_PASSIVE;
if ( getaddrinfo(NULL, multicastPort, &hints, &localAddr) != 0 )
{
printf("getaddrinfo() failed");
return;
}
multicastChannel = socket(localAddr->ai_family, localAddr->ai_socktype, 0);
if ( bind(multicastChannel, localAddr->ai_addr, localAddr->ai_addrlen) != 0 )
{
printf("bind() failed");
return;
}
memcpy(&multicastRequest6.ipv6mr_multiaddr,
&((struct sockaddr_in6*)(multicastAddr->ai_addr))->sin6_addr,
sizeof(multicastRequest6.ipv6mr_multiaddr));
multicastRequest6.ipv6mr_interface = 0;
if ( setsockopt(multicastChannel,
IPPROTO_IPV6,
IPV6_ADD_MEMBERSHIP,
(char*) &multicastRequest6,
sizeof(multicastRequest6)) != 0 )
{
ERROR_ReportError("setsockopt() failed");
}
freeaddrinfo(localAddr);
freeaddrinfo(multicastAddr);
ioctlsocket(multicastChannel, FIONBIO, &arg);
sockaddr_in6 fromAddr;
while(1)
{
read = recvfrom(multicastChannel,
data,
1500,
0,
(struct sockaddr*)&fromAddr,
&sizeof(sockaddr_in6);
if (read > 0) {
function();
}
}
}