[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL to Bank of America (was RE: SSL/GSKit message)

Sender: Sean Porterfield <sporter@xxxxxxxxxxxx>

I don't use the https_init() when I post to my own SSL enabled server, and it works fine. I thought Scott said the procedure changed, and https_init was no longer required. (See: http://www.scottklement.com/archives/ftpapi/200506/msg00088.html )

I followed the redirects with my browser, checked the frames, and found the page containing the login form was actually
https://elink-http4.bankofamerica.com/cehttp/html/logon.htm

If I load that page directly in my browser without the frames, I can log on just fine. I'm trying the exact same thing in the program - post the data as if it had been on that form. I am posting to
https://elink-http4.bankofamerica.com/servlet/MailboxServlet (URI)

 c                   eval      rc = http_url_post(URI: %addr(data):
 c                             %len(%trimr(data)):
 c                             '/tmp/httptest.html':
 c                             HTTP_TIMEOUT:
 c                             HTTP_USERAGENT:
 c                             'application/x-www-form-urlencoded')

That's when I get the 400 error from their server. I'm not sure what they are expecting differently, though it seems it must be something in my data variable. Having just looked at it again, it appears I set data as if it were a GET request. I guess I should go look into how to properly code that part.

c                   eval      data = 'remote=' + %trim(USERID) +
c                             '&password=' + %trim(PASSWD) +
c                             '&Submit=Submit&operation=LOGON' +
c                             CRLF

Thanks for the nudge so far, it's always good to get a reminder to check parts that are expected to work.
--
Sean Porterfield


Goodbar, Loyd (ETS - Water Valley) wrote:
Sender: "Goodbar, Loyd (ETS - Water Valley)" <LGoodbar@xxxxxxxxxxxxxx>

Sean,

Yes, I am using the elink-http4 address.
How far have you gotten?

You do need to do http_init() before performing the first get.

If you review the generated HTML, Bank of America gives you a META tag to
redirect to another page: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Refresh" CONTENT="0;URL=cehttp/html/main.htm">
</HEAD>
</HTML>

I wrote a simplistic procedure to follow the META redirects until they run
out. Eventually you get here:

https://elink-http4.bankofamerica.com/cehttp/html/main.htm

You need to remember the path /cehttp/html/ as your URL base for web page
gets, but submit form requests to

https://elink-http4.bankofamerica.com/servlet/MailboxServlet

My biggest problem was forgetting the correct content type for form data,
which is Content-Type: application/x-www-form-urlencoded

Let me know how far you got. I can log in and retrieve files. 

HTH,
Loyd


Loyd Goodbar
Senior programmer/analyst
BorgWarner
E/TS Water Valley
662-473-5713

-----Original Message-----
From: Sean Porterfield [mailto:sporter@xxxxxxxxxxxx] Sent: Thursday, March 30, 2006 17:02
To: ftpapi@xxxxxxxxxxxxx
Subject: Re: SSL/GSKit message

Sender: Sean Porterfield <sporter@xxxxxxxxxxxx>

Goodbar, Loyd (ETS - Water Valley) wrote:

Scott, thanks for putting together the HTTPAPI - I was able to talk to Bank of America and retrieve mailbox files within a couple of days. A lot of that time was spent interpreting the conversation process and posting data correctly to the server. And the automatic cookie support is great!



Can you share? All I've been able to get is error 400 from them.

Are you using https://elink-http4.bankofamerica.com/ for your connection?

As for the other part, I never messed with https_init or https_cleanup, FWIW. 
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------