
Commit 653aca1

committed
Merge pull request #122 from VBA-tools/revocation-info-bug
Update security defaults
2 parents b391276 + a3e5cd9 commit 653aca1


2 files changed

+14
-8
lines changed


specs/VBA-Web - Specs.xlsm

-69.5 KB
Binary file not shown.

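--- a/src/WebClient.cls
+++ b/src/WebClient.cls
@@ -507,24 +507,30 @@ Public Function PrepareHttpRequest(Request As WebRequest, Optional Async As Bool
 End If
 
 ' Setup security
-'
-' By default:
-' - Enable certificate revocation check (especially useful after HeartBleed)
-' - Disable redirects (matches cURL behavior)
-web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableCertificateRevocationCheck) = True
-web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableRedirects) = False
-
 If Me.Insecure Then
-' Disable SSL validation
 ' - Disable certifcate revocation check
 ' - Ignore all SSL errors
 ' Unknown certification authority (CA) or untrusted root, 0x0100
 ' Wrong usage, 0x0200
 ' Invalid common name (CN), 0x1000
 ' Invalid date or certificate expired, 0x2000
 ' = 0x3300 = 13056
+' - Enable redirects
+' - Enable https-to-http redirects
 web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableCertificateRevocationCheck) = False
 web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_SslErrorIgnoreFlags) = 13056
+web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableRedirects) = True
+web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableHttpsToHttpRedirects) = True
+Else
+' By default:
+' - Enable certificate revocation check (especially useful after HeartBleed)
+' - Ignore no SLL erros
+' - Disable redirects (matches cURL behavior)
+' - Disable https-to-http redirects
+web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableCertificateRevocationCheck) = True
+web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_SslErrorIgnoreFlags) = 0
+web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableRedirects) = False
+web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableHttpsToHttpRedirects) = False
 End If
 
 ' Set headers on http request (after open)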
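Review bot: The `If Me.Insecure Then` branch now sets `web_WinHttpRequestOption_EnableRedirects` and `web_WinHttpRequestOption_EnableHttpsToHttpRedirects` to `True` on top of disabling certificate validation, so a caller who sets `Insecure` only to accept a self-signed certificate also gets redirect following and https-to-http downgrades, and the request can end up on plain HTTP. Nothing in the visible lines lets a caller choose one relaxation without the other; I would keep `web_Http.Option(web_WinHttpRequestOption.web_WinHttpRequestOption_EnableHttpsToHttpRedirects) = False` in both branches and make redirect following its own opt-in setting, or at minimum spell the consequence out in the comment, e.g. `' - Enable https-to-http redirects (request may be re-sent over plain HTTP)`. The added comment `' - Ignore no SLL erros` should read `' - Ignore no SSL errors`. PrepareHttpRequest starts and ends outside the hunk, so whether these options are overridden later in the function cannot be confirmed from here.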
