Jump to content

Winhttp.winhttprequest.5.1 certificate error


Recommended Posts

Hi guys,

I have a problem with Winhttp.winhttprequest.5.1
When I try to POST to a URL (https://example.com) it works just fine, but when I try to POST to the IP (https://1.1.1.1) there is an error message.

My COM error handler says the following:
Description: The host name in the certificate is invalid or does not match
Number: 80020009
Source: WinHttp.WinHttpRequest

It is most certainly a problem on our server, however I am asking if there is a way that we can disable the SSL verification while posting to the IPs instead of the DNS.

The code that I use is:

Func SendXmlPostRequest($url, $auth, $xml) ; Make a POST request to Genesis and get the response.
    Global $oHTTP = ObjCreate('Winhttp.winhttprequest.5.1')
    $oHTTP.Open('POST', $url, False)
    $oHTTP.SetRequestHeader('Authorization', 'Basic' & ' ' & $auth)
    $oHTTP.setRequestHeader('Content-type', 'application/xml')
    $oHTTP.Send($xml)
    $responseText = $oHTTP.ResponseText
    $responseStatus = $oHTTP.Status

    If $responseStatus <> 200 Then ; Check the response code from the server.
        MsgBox(0, 'Message', 'Request failed on subimtion with Response Status:' & ' ' & $responseStatus)
        Exit
    EndIf

    $getCodeArr = _StringBetween($responseText, '<code>', '</code>')
    $getCode = $getCodeArr

    If $getCode <> 0 And $getCode <> 200 Then ; Check the response code from the gateway.
        $getTechicalMessageArr = _StringBetween($responseText, '<technical_message>', '</technical_message>')
        $getTechicalMessage = $getTechicalMessageArr
        MsgBox(0, 'Message', 'Request failed with:' & @CRLF & 'Response Code:' & ' ' & $getCodeArr[0] & @CRLF & 'Technical Message:' & ' ' & $getTechicalMessageArr[0])
        Exit
    EndIf

    If $responseStatus = 200 Then
        $getTransType = _StringBetween($responseText, '<transaction_type>', '</transaction_type>')
        If $getTransType[0] = "capture" Then
            $getCaptureUniqueID = _StringBetween($responseText, '<unique_id>', '</unique_id>')
        ElseIf $getTransType[0] = "void" Then
            $getVoidUniqueID = _StringBetween($responseText, '<unique_id>', '</unique_id>')
        ElseIf $getTransType[0] = "refund" Then
            $getRefundUniqueID = _StringBetween($responseText, '<unique_id>', '</unique_id>')
        ElseIf $getTransType[0] = "credit" Then
            $getCreditUniqueID = _StringBetween($responseText, '<unique_id>', '</unique_id>')
        ElseIf $getTransType[0] = "recurring_sale" Then
            $getRecurringSaleUniqueID = _StringBetween($responseText, '<unique_id>', '</unique_id>')
        Else
            $getUniqueID = _StringBetween($responseText, '<unique_id>', '</unique_id>')
            $uniqueID = $getUniqueID[0]
        EndIf
    EndIf
EndFunc   ;==>SendXmlPostRequest

Thank you in advance for the suggestions!

Link to comment
Share on other sites

@PunkoHead

Here are the constants for the Option property of the WinHttpRequest object:

Global Enum $WinHttpRequestOption_UserAgentString, _
            $WinHttpRequestOption_URL, _
            $WinHttpRequestOption_URLCodePage, _
            $WinHttpRequestOption_EscapePercentInURL, _
            $WinHttpRequestOption_SslErrorIgnoreFlags, _
            $WinHttpRequestOption_SelectCertificate, _
            $WinHttpRequestOption_EnableRedirects, _
            $WinHttpRequestOption_UrlEscapeDisable, _
            $WinHttpRequestOption_UrlEscapeDisableQuery, _
            $WinHttpRequestOption_SecureProtocols, _
            $WinHttpRequestOption_EnableTracing, _
            $WinHttpRequestOption_RevertImpersonationOverSsl, _
            $WinHttpRequestOption_EnableHttpsToHttpRedirects, _
            $WinHttpRequestOption_EnablePassportAuthentication, _
            $WinHttpRequestOption_MaxAutomaticRedirects, _
            $WinHttpRequestOption_MaxResponseHeaderSize, _
            $WinHttpRequestOption_MaxResponseDrainSize, _
            $WinHttpRequestOption_EnableHttp1_1, _
            $WinHttpRequestOption_EnableCertificateRevocationCheck

Here are the valid values for ignoring SSL errors

Global CONST $WinHttpRequestOption_SslErrorIgnoreFlags_UnknownCA       = 0x0100
Global CONST $WinHttpRequestOption_SslErrorIgnoreFlags_CertWrongUsage  = 0x0200
Global CONST $WinHttpRequestOption_SslErrorIgnoreFlags_CertCNInvalid   = 0x1000
Global CONST $WinHttpRequestOption_SslErrorIgnoreFlags_CertDateInvalid = 0x2000
Global CONST $WinHttpRequestOption_SslErrorIgnoreFlags_IgnoreAll       = 0x3300  ;IGNORE ALL OF THE ABOVE

So to ignore all SSL errors, you could add the following line before your send:

$oHTTP.Option($WinHttpRequestOption_SslErrorIgnoreFlags) = $WinHttpRequestOption_SslErrorIgnoreFlags_IgnoreAll

or

$oHTTP.Option(4) = 0x3300

 

Edited by TheXman
Added @PunkoHead since he or she isn't following the topic
Link to comment
Share on other sites

You're welcome.  Glad to have helped.  :thumbsup:

Link to comment
Share on other sites

Just a slight update here, once I ignore the certificate alerts, my request is not being sent as application/xml and the server refuses the post request.

I read somewhere that this is because some character conversion and the XML not being sent as UTF-8, but am not sure. Basically, using Winhttp.winhttprequest.5.1, I am not able to send my requests to the server. 

Does anyone have a solution for this? Not sure if I have to open a new thread about this.

Thanks in advance!

Link to comment
Share on other sites

If it's still cetificat issue: 

If the webSite is Safe "?"

Just approve the invalid certificate. And import it to the computer.

 

This is able to be done only if you're automating one PC.

Is it Symantec certif ?

My video tutorials : ( In construction )  || My Discord : https://discord.gg/S9AnwHw

How to Ask Help ||  UIAutomation From Junkew || WebDriver From Danp2 || And Water's UDFs in the Quote

Spoiler

 Water's UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Link to comment
Share on other sites

6 hours ago, PunkoHead said:

my request is not being sent as application/xml

Is this an assumption or are you getting back an error that explicitly states that is the reason your POST is getting rejected?  Can you show the response or any errors that you got back in the response?

To trouble shoot the issue, more information is needed.  Are you sure that the XML is valid?  Can you provide the request requirements?  Does the request require any other information to be sent in the header?  Does the site have a test environment that test requests can be sent? If so, that would help.  Without more information, any attempt to trouble shoot the issue would be pure speculation.

Link to comment
Share on other sites

24 minutes ago, Juvigy said:

Yes, IE UDF. Why dont you want to use it?

@Juvigy

You've piqued my interest.  To the best of my knowledge, you cannot do an HTTP POST of application/xml data using any IE UDF functions.  Just how would you propose to do an HTTP POST of application/xml data using the IE UDF?

Link to comment
Share on other sites

Quote

Is this an assumption or are you getting back an error that explicitly states that is the reason your POST is getting rejected?  Can you show the response or any errors that you got back in the response?

This is what I got - it is a response from our server:

<payment_response>
  <status>error</status>
  <code>360</code>
  <message>Missing or invalid content type: should be text/xml!</message>
  <technical_message>Parsing not possible.</technical_message>
</payment_response>
Quote

Are you sure that the XML is valid?

Yes, using Msxml2.XMLHTTP is sending the correct thing.

We have a test environment but it is really strict and I am not able to provide you access to it :(

As for the information in the headers - only content type and authorization - nothing else.

And just clarification, if I set the header to text/xml - it is the same error.

Link to comment
Share on other sites

The error message says that it is expecting a content-type of text/xml.  Looking at your original post, you specified a content-type of application/xml.  Have you tried changing it to text/xml? 

Sorry. just read the last sentence?  :)  I see that you did try text/html.

Edited by TheXman
Link to comment
Share on other sites

When I am testing web services, I use an extension like Rester, in Firefox, to make sure that I have all of the information I need to get a successful response.  I then translate it into code.  Have you tried using some sort of web service tool, other than msxml2.xmlhttp, to validate the request?

Edited by TheXman
Link to comment
Share on other sites

You could also try explicitly setting the charset like:

$oHTTP.setRequestHeader('Content-Type', 'text/xml; charset=utf-8')

 

Edited by TheXman
Link to comment
Share on other sites

This is super strange...

Trying these:

$oHTTP.SetRequestHeader('Content-Type', 'application/xml; charset=utf-8')
$oHTTP.SetRequestHeader('Content-Type', 'text/xml; charset=utf-8')

Did not help.

As for the testing - I am testing with Postman - I get great responses with it. I also tried restlet - it works great as well.

Not sure if I switch to another version of winhttprequest. Can you give me the exact name that I have to put in ObjCreate in order to do so?

Link to comment
Share on other sites

All of my scripts use exactly the same command as your original post:

$oHttp = ObjCreate("winhttp.winhttprequest.5.1")

 

Link to comment
Share on other sites

Postman should be able to show you the raw request and response.  If it doesn't, you could use a protocol sniffer like WireShark to capture the request in order to see exactly how the successful requests look.  Then, you can build the request to look the same.  Something is missing in the AutoIt-generated requests using the winhttprequest object.

Edited by TheXman
Link to comment
Share on other sites

Are you going through a proxy?  If so, are host headers required?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...