2

We are using Resource Owner Credentials to get access tokens using our internal OAuth Svr. Everything is working if the URL does not include any https in it, but the moment I include https in it everything fails.

We deployed all our sites with https:

The following is a very simple piece of code which fails. I don't have any clue why I am getting an exception if I include https in it.

try
{
    http_client api(U("https://172.27.12.207/AuthSvr"), m_http_config);
    ucout << "Requesting account information:" << std::endl;
    ucout << "Information: " << api.request(methods::GET, U("identity/.well-known/openid-configuration")).get().extract_json().get() << std::endl;
    //TestRestAPI().wait();
}
catch (...)
{
    ucout << "Unknown Error";
}

EDIT

I handled the exception to catch web::http::http_exception and I am seeing this error:

WinHttpSendRequest: 12175: A security error occurred
Piotr Siupa
srikat
  • Could you write what exception you are getting? – Piotr Siupa Aug 20 '15 at 22:08
  • I handled exception to catch web::http::http_exception and I am seeing error "WinHttpSendRequest: 12175: A security error occurred" – srikat Aug 21 '15 at 18:48
  • https://msdn.microsoft.com/en-us/library/windows/desktop/aa383770%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 – Piotr Siupa Aug 21 '15 at 18:50
  • The issue was with certificate validation. Since most development environments use self-signed certificates, the validation fails, making the HTTPS transaction fail. The workaround is to disable the certificate validation. – srikat Aug 24 '15 at 17:47
  • 1
    Paste this as answer. – Piotr Siupa Aug 30 '15 at 22:26
  • Were you able to resolve this issue? How do I disable the certificate validation? I tried setting set_validate_certificates to false, but it didn't work. Please help. – S_R Nov 18 '15 at 07:13

2 Answers

0

The issue shows up when trying to validate a self-signed certificate. This normally shows up in development, where no valid certificate is used but an on-the-fly certificate is generated.

It is possible to work around this by disabling the validation.

#include <cpprest/http_client.h>
#include <memory>

web::http::client::http_client_config config;
config.set_validate_certificates(false);

auto client = std::make_shared<web::http::client::http_client>(U("https://localhost:8081/"), config);

Please make absolutely sure that this is only done in debug test code and is not part of the final product.

Totonga
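One way to enforce the "debug test code only" condition from the answer above, as an added example that is not part of the original answer or of cpprestsdk: the value passed to set_validate_certificates() is computed from the build type and the target host, so a release build always validates. The allowlist kDevHosts and the helpers url_host() and validate_certificates_for() are hypothetical names introduced here; only standard C++ is used, and the cpprestsdk call is shown in a comment.

```cpp
// Added example: keep the validation bypass out of release builds and off non-dev hosts.
#include <algorithm>
#include <array>
#include <cctype>
#include <string>

// Hypothetical allowlist; localhost and 172.27.12.207 are the hosts shown on this page.
static const std::array<const char*, 3> kDevHosts = {"localhost", "127.0.0.1", "172.27.12.207"};

#ifdef NDEBUG
constexpr bool kDebugBuild = false;  // release build
#else
constexpr bool kDebugBuild = true;
#endif

// Lower-cased host of an absolute URL, or "" when it cannot be determined.
std::string url_host(const std::string& url) {
    const auto npos = std::string::npos;
    const auto scheme_end = url.find("://");
    if (scheme_end == npos) return "";
    const auto begin = scheme_end + 3;
    const auto end = url.find_first_of("/?#", begin);
    std::string host = url.substr(begin, end == npos ? npos : end - begin);
    // Drop userinfo so "https://localhost@other.example/" is not read as localhost.
    const auto at = host.rfind('@');
    if (at != npos) host.erase(0, at + 1);
    if (!host.empty() && host.front() == '[') return "";  // IPv6 literals: never treated as dev
    const auto colon = host.find(':');
    if (colon != npos) host.erase(colon);  // strip the port
    std::transform(host.begin(), host.end(), host.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return host;
}

// Value to pass to http_client_config::set_validate_certificates().
// Returns false (skip validation) only in a debug build AND for an allowlisted dev host.
bool validate_certificates_for(const std::string& url, bool debug_build = kDebugBuild) {
    if (!debug_build) return true;
    const std::string host = url_host(url);
    return std::none_of(kDevHosts.begin(), kDevHosts.end(),
                        [&host](const char* dev) { return host == dev; });
}

// Usage with cpprestsdk (not compiled here):
//   config.set_validate_certificates(validate_certificates_for("https://localhost:8081/"));
```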
0

// Create an HTTP request handle.
shRequest = WinHttpOpenRequest ( shConnect, L"GET", L"/robots.txt", NULL, WINHTTP_NO_REFERER, WINHTTP_DEFAULT_ACCEPT_TYPES, 0 ); //WINHTTP_FLAG_SECURE );

In my case a similar issue was solved by commenting out the WINHTTP_FLAG_SECURE flag.

alman