any way to use CAs(Certificate Authorities Firefox) when want get source of ssl urls?

[Black_Storm]

hi,this thread is about one of my another questions here:

"how can fix errot about get html source with this special https url"

i sent enough descriptions in that thread about my problem to get html source of my special https url but i want ask here something special about "CAS files"

any sample code to can use of a firefox crt file(Certificate Authorities Firefox) for open and get my https source url without error about ssl like these :
"error : A connection with the server could not be established"
or
"error : The download of then specified resouce had failed."
or
"An error occurred in the secure channel support"?

for example i have a "curl-ca-bundle.crt" Certificate file,how can set it to my winhttp or xmlobject or any way to can use it and get html source of my url https ?

[wqweto]

You can do this since latest commit 9fcb12e of WinHttpRequest replacement class in VbAsyncSocket repo.

First you can load the root CA bundle file (once) with something like this:

Code:

    If m_oRootCa Is Nothing Then
        Set m_oRootCa = New cTlsSocket
        m_oRootCa.ImportPemRootCaCertStore App.Path & "\ca-bundle.pem"
    End If

. . . and then use this preloaded collection of root certificates to assign WinHttpRequestOption_RootCA option on each cHttpRequest you are going to use with something like this:

Code:

    m_oRequest.Option_(WinHttpRequestOption_RootCA) = m_oRootCa

cheers,
</wqw>

[Black_Storm]

i downloaded but its so complicated for me and my weak english,for example i want jst get source of this url "https://www.melkeirani.com/melk-225433"
i used this url in some samples in that VbAsyncSocket project but i see errors about connection time out or

"41299.929 [ERROR] The certificate or certificate chain is based on an untrusted root &H80040000 [Form1.pvInitHttpRequest, cTlsSocket.pvHandleReceive, cTlsSocket.pvPkiCertValidate]"

or

The certificate or certificate chain is based on an untrusted root

and like these.

can jst send a simple project about get my url source used by this VbAsyncSocket?

jst a simple attachment ?

[wqweto]

Try this:
- Create an empty Std-EXE project called Project1
- Get latest changes from VbAsyncSocket repo
- Add src/cAsyncSocket.cls, src/cTlsSocket.cls, src/mdTlsNative.bas and contrib/cHttpRequest.cls from repo to your Project1 (drag and drop from Explorer into VBIDE)
- Copy ca-bundle.pem Mozilla root certificates to your project folder (can use cacert.pem from curl too)
- In Form1 paste this code

Code:

Option Explicit

Private m_oRootCa As cTlsSocket

Private Sub Form_Load()
    Set m_oRootCa = New cTlsSocket
    m_oRootCa.ImportPemRootCaCertStore App.Path & "\ca-bundle.pem"
End Sub

Private Sub Form_Click()
    Dim oRequest As cHttpRequest
    
    On Error GoTo EH
    Set oRequest = New cHttpRequest
    oRequest.SetTimeouts 5000, 5000, 5000, 5000
    oRequest.Option_(WinHttpRequestOption_RootCA) = m_oRootCa
    oRequest.Open_ "GET", "https://www.vbforums.com/showthread.php?895010-any-way-to-use-CAs(Certificate-Authorities-Firefox)-when-want-get-source-of-ssl-urls"
    oRequest.Send
    Debug.Print Len(oRequest.ResponseText), Left$(oRequest.ResponseText, 100)
    Exit Sub
EH:
    MsgBox Err.Description, vbCritical
End Sub

This is (mostly) the same code you would use with a WinHttpRequest object to GET a page from an http server.

cheers,
</wqw>

[Black_Storm]

i added that 4 files (in ur descriptions inlast version on github in current date 2022/02/09) ,i downloaded cacert.pem too and tested with that two pem (cacert.pem and ca-bundle.pem) but when i click on form i see this error:


image link : https://i.postimg.cc/sXgHmh3p/0001.png

[wqweto]

There is something weird going on here as vbforums.com certificate is valid until 22 April, 2022

Try not setting Option_(WinHttpRequestOption_RootCA) first if this fixes the expired certificate error.

Is this Win7 your are testing on?

cheers,
</wqw>

[Black_Storm]

i used this too :

Code:

Option Explicit

Private m_oRootCa As cTlsSocket

Private Sub Form_Load()
    'Set m_oRootCa = New cTlsSocket
    'm_oRootCa.ImportPemRootCaCertStore App.Path & "\ca-bundle.pem"
    'm_oRootCa.ImportPemRootCaCertStore App.Path & "\cacert.pem"
    
End Sub

Private Sub Form_Click()
    Dim oRequest As cHttpRequest
    
    On Error GoTo EH
    Set oRequest = New cHttpRequest
    oRequest.SetTimeouts 5000, 5000, 5000, 5000
    'oRequest.Option_(WinHttpRequestOption_RootCA) = m_oRootCa
    oRequest.Open_ "GET", "https://www.vbforums.com/showthread.php?895010-any-way-to-use-CAs(Certificate-Authorities-Firefox)-when-want-get-source-of-ssl-urls"
    'oRequest.Open_ "GET", "https://www.melkeirani.com/melk-225433"
    oRequest.Send
    Debug.Print Len(oRequest.ResponseText), Left$(oRequest.ResponseText, 100)
    Exit Sub
EH:
    MsgBox Err.Description, vbCritical
End Sub

but same error about certificate expired ... and yes i am use win7 but i want get source on win xp and win 10(32 or 64 bit) too.
when i change url to what i need like this : "https://www.melkeirani.com/melk-225433" with this code :

Code:

Private m_oRootCa As cTlsSocket

Private Sub Form_Load()
    'Set m_oRootCa = New cTlsSocket
    'm_oRootCa.ImportPemRootCaCertStore App.Path & "\ca-bundle.pem"
    'm_oRootCa.ImportPemRootCaCertStore App.Path & "\cacert.pem"
    
End Sub

Private Sub Form_Click()
    Dim oRequest As cHttpRequest
    
    On Error GoTo EH
    Set oRequest = New cHttpRequest
    oRequest.SetTimeouts 5000, 5000, 5000, 5000
    'oRequest.Option_(WinHttpRequestOption_RootCA) = m_oRootCa
    'oRequest.Open_ "GET", "https://www.vbforums.com/showthread.php?895010-any-way-to-use-CAs(Certificate-Authorities-Firefox)-when-want-get-source-of-ssl-urls"
    oRequest.Open_ "GET", "https://www.melkeirani.com/melk-225433"
    oRequest.Send
    Debug.Print Len(oRequest.ResponseText), Left$(oRequest.ResponseText, 100)
    Exit Sub
EH:
    MsgBox Err.Description, vbCritical
End Sub

this error will be show :



image linke : https://i.postimg.cc/dQS9JSs3/error2.png

[wqweto]

I stand humbled by this error report. Obviously will have to accept that my TLS implementation attempt will never be made universal as there are always combinations of environment, locale, OS, etc. where things will go awry in the end.

My coding abilities just do not provide for such extreme edge use-cases and I don’t have the resources to debug any of these bizarre failures. Sorry about that but probably this solution is not right for you.