Re: Redirection to SSL/Parameters

[Scott Klement <sk@xxxxxxxxxxxxxxxx>]

Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>


On Fri, 10 Dec 2004, James Viney wrote:
>
> I'm still having problems sending data to my IP address!  However I am
> slowly getting somewhere. When I initially get my 302 error, it is actually
> trying to redirect to a secure site, which can be seen in the header
> returned from my first request:
[SNIP]
> So I'm confused as to how to deal with this now, as it suggests I need to
> configure a SSL with the site, but the company I'm trying to talk to insist
> that we don't need a certificate from them, as all certificates a re server
> side only.

So, you need software that downloads his certificate, verifies that he's a
genuine entity using cryptographic means, and performs encryption based on
both public and private keys that match that certificate in a way that's
compatible with the server (so that you can understand each other.)

Sure sounds like you need to configure SSL to me.


> They also insist that the Security comes from the line installed between
> them and the router to which I must be sending my initial request, hence
> the redirection. Browsers, obviously deal with this automatically, by
> downloading the certificate at that point, I presume.....is there a way
> the HTTPAPI can deal with this?  Help!

Apparently, HTTPAPI needs to be modified to check for 302 responses after
the request chain but before the document is posted.  I'll work on that.


> Why do you suggest that this is strange? (Hence I'm getting an rc of -1
> rather than 302)

I've already explained why.  Buck has also explained it.


> Also could someone explain the other parameters for http_url_post please
> (Timeout, UserAgent, ContType and soapAction).  I think I can guess timeout,
> but the others I'm not so sure.  I did have to change the ContType to
> 'application/xml' for another project but I don't know why.


UserAgent = What HTTPAPI identifies itself as to the web server.  A web
            browser will normally give it's name, version number, and
            operating system.  By default, HTTPAPI sends "httpapi/1.10"
            (or whatever version) Unfortunately, some web sites use this
            information to send responses like "This site requires
            Microsoft Internet Explorer 5.5 or later".  So, I made it
            something you can change, if you need to tell the site that
            you're running Internet Explorer, you can.

ContentType = Tells the server the MIME type of the data that you're
            sending.  For example "image/jpeg" might be sent to indicate
            that the data that you're uploading is a .JPG file.
            Or "application/VND.MS-EXCEL" to indicate an Excel
            spreadsheet.  Whether this matters or not depends on whether
            the program running on the server pays attention to the
            value you sent.  Some do, some don't.

SoapAction = I'm not exactly sure what this does.  It obviously has
            something to do with SOAP-based webservices.  This was code
            contributed by another HTTPAPI user, and I'm not precisely
            sure when/where you need to use it.  I've never used it in
            my work.
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------