Using WinHTTP to upload files on https handling errors (Unknown CA, expired Certs)

[steff]

Dear all,

I'm trying to use the suggested winhttp file upload way, but I need to manage SSL errors, because a known internal web server issue we are having.

I started using this form, as the WinHttp manual suggested.

#include "WinHttp.au3"

$sAddress = "https://posttestserver.com/post.php?dump&dir=WinHttp" ; the address of the target (https or http, makes no difference - handled automatically)

$sFileToUpload = @ScriptFullPath ; upload itself

$sForm = _
        '<form action="' & $sAddress & '" method="post" enctype="multipart/form-data">' & _
        ' <input type="file" name="upload"/>' & _ ;
        ' <input type="text" name="someparam" />' & _
        '</form>'

; Initialize and get session handle
$hOpen = _WinHttpOpen()

$hConnect = $sForm ; will pass form as string so this is for coding correctness because $hConnect goes in byref

; Fill form
$sHTML = _WinHttpSimpleFormFill($hConnect, $hOpen, _
        Default, _
        "name:upload", $sFileToUpload, _
        "name:someparam", "Candy")

If @error Then
    MsgBox(4096, "Error", "Error number = " & @error)
Else
    ConsoleWrite($sHTML & @CRLF)
EndIf

; Close handles
_WinHttpCloseHandle($hConnect)
_WinHttpCloseHandle($hOpen)

But I'm getting @error = 4 which is a "Connection error" as output.

I know I should set the certificate issues handling with _WinHttpSetOptionEx after the connection has been set up this way:

$hw_open = _WinHttpOpen()
$hw_connect = _WinHttpConnect($hw_open, $IP,$INTERNET_DEFAULT_HTTPS_PORT)
$h_openRequest = _WinHttpOpenRequest($hw_connect, "get", $subUrl,"","","",$WINHTTP_FLAG_SECURE)

$allow_unknownCA_wrongCN = BitOR($SECURITY_FLAG_IGNORE_UNKNOWN_CA, $SECURITY_FLAG_IGNORE_CERT_CN_INVALID)
$r = _WinHttpSetOptionEx($h_openRequest, $WINHTTP_OPTION_SECURITY_FLAGS, $allow_unknownCA_wrongCN)

But how can I handle certificate issues in the file upload?

The file upload has a completely different syntax then the usual http connection .

Thanks to all who will reply

Regards

stefano

[steff]

Just to add a few infos, my script contains some code before the http file upload.

I use that code to call some PHPs on the same server used for file upload.

The connection works fine when setting the various $SECURITY_FLAG_IGNORE_* : I'm able to POST to some PHPs and manage the response.

I know it would be better to have a server with a proper certificate, but unfortunately, in our company, we have this server with a self signed cert which is expired, and it's hard to have the sysadmin renewing it . I also tried with some pizza, but it didn't work...

Thanks for your advices.

Ciao

s.

Edited December 10, 2019 by steff

[trancexx]

Add one more argument for upload function. Like this:

;...
; Fill form
$sHTML = _WinHttpSimpleFormFill($hConnect, $hOpen, _
        Default, _
        "name:upload", $sFileToUpload, _
        "name:someparam", "Candy", _
        "[IGNORE_CERT_ERRORS]")
;...

 

[steff]

Thank you trancexx for your help.

I got that working, at least in sending the file to the server.

Now I have another issue, but I don't know yet if it's client-side or server-side. Maybe some sort of PHP debugging will be involved