No right now we don't have the ability to access the underlying WinHTTP request handle. In general we have been trying to keep the Casablanca public API clean of any platform specific details.
I figured out all the server certificate verification options that can be disabled with WinHTTP. I put together a quick implementation and it compiles and runs through the tests fine, but I haven't had a chance to really extensively try it out yet. Add the
following code to http_client.cpp at line 1375.
// NOTE: This code turns ignores common server certificate verification errors.
bool ignoreServerCertErrors = true;
DWORD data = SECURITY_FLAG_IGNORE_UNKNOWN_CA
auto result = WinHttpSetOption(
request->report_error(U("Error setting WinHttp to ignore server certification validation errors."));
I'm going to be out of the office for the rest of the week due to the 4th of July, but try this out and let me know if it works for you. If we add capability like this to Casablanca it probably would be with a general purpose option to the http client configuration
to ignore certificate verification errors.