Re: v1.11 SSL problem

Re: v1.11 SSL problem - any ideas?

Subject: Re: v1.11 SSL problem - any ideas?

From: Michael Bailey <mjb1908@xxxxxxxxxxx>

Date: Sun, 24 Jul 2005 15:26:09 +0100 (BST)

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.uk; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=f3iv84vdxO3uPkZeLyz0W46gIBbawt7c20TRex4V1SlS6k1UBdQmPu0PkdIOyrj5r3zUU7DSbtLLmmmZti1sTj14f5aIGh2Z6CsM3047rf+DDwdravX91U7+ppMv6pfbGgaD1mrdbqFCP8pHKWCDA7NO71wkcmFnpGS1ewH7t0I= ;

Reply-to: ftpapi@xxxxxxxxxxxxx

Sender: owner-ftpapi@xxxxxxxxxxxxx

...the debug for my changed card auth version of Example5 is actually:

HTTPAPI Ver 1.11 released 2005-07-19

New iconv() objects set, ASCII=819. EBCDIC=0
http_persist_open(): entered
http_long_ParseURL(): entered
https_init(): entered
(GSKit) Access to the key database is not allowed.
ssl_error(6003): (GSKit) Access to the key database is not allowed.
SetError() #24: gsk_env_init: (GSKit) Access to the key database is not allowed.
-------------------------------------------------------------------------------------
Dump of local-side certificate information:
-------------------------------------------------------------------------------------
(GSKit) An operation which is not valid for the current SSL session state was attempted.
ssl_error(5): (GSKit) An operation which is not valid for the current SSL session state was attempted.
(GSKit) An operation which is not valid for the current SSL session state was attempted.

Apologies, the one I coped and pasted occurs when I call Example5 from the command line (forgot that the debug gets replaced each time!).

Note: forwarded message attached.

--- Begin Message ---

To: ftpapi@xxxxxxxxxxxxx
Subject: v1.11 SSL problem - any ideas?
From: Michael Bailey <mjb1908@xxxxxxxxxxx>
Date: Sun, 24 Jul 2005 14:45:49 +0100 (BST)

I've been testing an SSL post for credit card authorization using v1.10 and a modified Example5. I've managed to get a response from the card company although not a positive one i.e. they don't receive what I've sent them (I'll leave this one until I've resolved my current problem below).

I decided last night to upgrade to v1.11 to see if, maybe, there's a fix in there that may make it magically work. However, I've fallen at the first hurdle as I'm not getting this debug output when I run my version of the program which I wan't getting before:

HTTPAPI Ver 1.11 released 2005-07-19

New iconv() objects set, ASCII=819. EBCDIC=0
http_persist_open(): entered
http_long_ParseURL(): entered
https_init(): entered
-------------------------------------------------------------------------------------
Dump of local-side certificate information:
-------------------------------------------------------------------------------------
(GSKit) Certificate is not signed by a trusted certificate authority.
ssl_error(6000): (GSKit) Certificate is not signed by a trusted certificate authority.
SetError() #30: SSL Handshake: (GSKit) Certificate is not signed by a trusted certificate author
-------------------------------------------------------------------------------------
Dump of server-side certificate information:
-------------------------------------------------------------------------------------
Cert Validation Code = 0

Obviously it's a DCM error but why would an upgrade to HTTPAPI cause this to come out of the woodwork? Incidentally, I did apply the mods from v1.11 Example5 to my program and I do have every available client certificate assigned to the SCK_HTTPAPI_EXAMPLES app. I'm a v5r3 with the latest cumulative applied.

When I run Example5 from a command line I get SSL Handshake: "(GSKit) Certificate is not signed by..."

Please help!

Yahoo! Messenger NEW - crystal clear PC to PC calling worldwide with voicemail
--- End Message ---