I am trying to figure out how to use IMFSSLCertificateManager. So far I have gotten to where my IMFSSLCertificateManager::GetCertificatePolicy is getting called. But after that, I begin to have problems:
- If I return pfClientCertificateAvailable == FALSE from GetCertificatePolicy, I just get a ~30 second delay, followed by CreateObjectFromURL returning 0x80072ee2 (WININET_E_TIMEOUT). My expectation was that it would call my BeginGetClientCertificate,
but that never happens.
- If I return pfClientCertificateAvailable == TRUE from GetCertificatePolicy, IMFSSLCertificateManager::GetClientCertificate gets called, but no matter what I try to return as a certificate, I always get 0x80092003 (CRYPT_E_FILE_ERROR). While the docs
are silent about exactly what is expected in ppbData, I have allocated memory using CoTaskMemAlloc, then read the entire contents of the certificate file into the buffer. I have tried various types of certificate files, but nothing works.
It's possible that I have my IIS set up incorrectly, but I don't think so. Rather than walk you thru all the steps I used, I'll just say that attempting to connect to https://localhost/AspectRatio4x3.wmv from firefox (correctly) prompts me to use a client
certificate. When I do, I am able to access the file. Using the same certificate in IMFSSLCertificateManager::GetClientCertificate always gives 0x80092003.
Google doesn't show me any sample code using this interface, and the MSDN docs for IMFSSLCertificateManager are very bare bones.
I need both BeginGetClientCertificate and GetCertificatePolicy to work, depending on how I set pfClientCertificateAvailable.
FWIW: I can get IMFSSLCertificateManager::OnServerCertificate to get called by playing with the server settings.
I am on Windows 7 Professional x64, compiling for 32bit, using the internal IIS, and self-signed certificates.
Any thoughts on what I am doing wrong, sample code showing how this is supposed to work, or ideas about how to debug this are appreciated.