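With WinHTTP, to accept SSL certificate validation failures you must first send the request and let it fail, then relax the security checks on the request handle and retry the send on that same handle. The flags are set on the request handle, so the server's certificate is no longer validated for that request. Something along the lines of: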
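// WinHttpSendRequest may have to be issued more than once on the same request
// handle, hence the do/while. `retry`, `result`, `mHRequest` and the
// optionalData/optionalLength/totalLength arguments come from the surrounding
// code. On exit `result` is NO_ERROR if the last send succeeded, otherwise the
// GetLastError() value of the last failed send.

// Relax the certificate checks at most once. If the send still fails with
// ERROR_WINHTTP_SECURE_FAILURE after the flags were applied, the failure is
// presumably one these flags do not cover, and retrying again would never
// terminate.
bool securityFlagsRelaxed = false;
do
{
    retry = false;
    result = NO_ERROR;
    // no retry on success, possible retry on failure
    if(WinHttpSendRequest(
        mHRequest,
        WINHTTP_NO_ADDITIONAL_HEADERS,
        0,
        optionalData,
        optionalLength,
        totalLength,
        NULL
        ) == FALSE)
    {
        result = GetLastError();
        // (1) If you want to allow SSL certificate errors and continue
        // with the connection, you must allow an initial failure and then
        // reset the security flags. From: "HOWTO: Handle Invalid Certificate
        // Authority Error with WinInet"
        // http://support.microsoft.com/default.aspx?scid=kb;EN-US;182888
        if(result == ERROR_WINHTTP_SECURE_FAILURE)
        {
            if(!securityFlagsRelaxed)
            {
                // Together these flags accept an unknown issuer, a certificate
                // with the wrong usage, a host-name (CN) mismatch and an
                // invalid date, so the server is not authenticated for this
                // request.
                // NOTE(review): set only the flag for the failure you expect,
                // and only toward hosts whose certificate you verify another
                // way (for example by inspecting it through
                // WINHTTP_OPTION_SERVER_CERT_CONTEXT).
                DWORD dwFlags =
                    SECURITY_FLAG_IGNORE_UNKNOWN_CA |
                    SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE |
                    SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
                    SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
                if(WinHttpSetOption(
                    mHRequest,
                    WINHTTP_OPTION_SECURITY_FLAGS,
                    &dwFlags,
                    sizeof(dwFlags)))
                {
                    // Retry only when the option was actually applied.
                    securityFlagsRelaxed = true;
                    retry = true;
                }
            }
            // else: the flags are already set and the send still failed;
            // leave `result` as ERROR_WINHTTP_SECURE_FAILURE for the caller.
        }
        // (2) Negotiate authorization handshakes may return this error
        // and require multiple attempts
        // http://msdn.microsoft.com/en-us/library/windows/desktop/aa383144%28v=vs.85%29.aspx
        // NOTE(review): this branch has no attempt limit; confirm the
        // caller is fine with an unbounded number of resends.
        else if(result == ERROR_WINHTTP_RESEND_REQUEST)
        {
            retry = true;
        }
    }
} while(retry);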