Hello, finaly we have received some info from Microsoft's IE team. We will try to test the workaround. I remember trying to run CA without frames without success, but maybe we did something wrong.
"... PROBLEM: On Vista SP1, if you are using certenroll inside of a frame and you call CreateRequest then the user will be prompted with our message box to allow creating the certificate request. On Win7, if you are using certenroll inside of a frame and you call CreateObject on the factory then the user will NOT be prompted and the code assumes the user clicked "cancel" which does not allow the object to be created and the whole thing fails... - In Vista SP1, we obtained the handle to the window by calling GetForegroundWindow() - In Win7, we obtain the handle to the window by asking the browser object for its handle. However, the handle appears to be invalid when it is called within a frame The certenroll control must NOT be inside an iframe. The control must be in the parent frame and the child frame can access the object from the parent frame. This works if they are in the same domain. If they are in different subdomains then you must use document.domain = "x.com" in both the child and parent frames WORKAROUND : Put certenroll in the topmost parent frame. Children can access it using window.parent if necessary [as long as the domain is the same] ANOTHER POSSIBLE FIX: The fix is around 4 lines of new code + 4 lines changes, here is the fix: How To Retrieve the Top-Level IWebBrowser2 Interface from an ActiveX Control http://support.microsoft.com/kb/q257717/ ..." Tom Massimiliano Pala-3 wrote: > > Hello Guys, > > is there any news about this ? I have not been able to follow up on this > part since a lot of efforts are being put in LibPKI and the OCSP server. > > Let me know if you have code patches / fixes. I will include them in the > package. > > Cheers, > Max > > > On 04/11/2011 07:18 AM, tomaaak wrote: >> >> Hi Dmitrij, >> >> thanks, but I have played a lot with various security settings and the >> problem is probably in redefined interface to some crypto-component which >> OpenCA does not reflect. I am investiating it together with Microsoft >> support (yes, really :-) ). They are comparing debug outputs from >> Vista/IE7 >> (where it works) with later versions. >> >> Vista SP1 (SP1 is required to run IE8) does not work and throws the same >> error as Win 7. >> There is no difference between 32 and 64-bit versions. >> >> Tom > > > > -- > > Best Regards, > > Massimiliano Pala > > > > -- View this message in context: http://old.nabble.com/Certificate-request-from-Windows-7-and-Internet-Explorer-8-tp31122889p32177472.html Sent from the openca-users mailing list archive at Nabble.com. ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos & much more. Register early & save! http://p.sf.net/sfu/rim-blackberry-1 _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
