[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems with HTTPS using HTTP API

To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Problems with HTTPS using HTTP API
From: Scott Klement <sk@xxxxxxxxxxxxxxxx>
Date: Tue, 05 Jun 2007 14:12:29 -0500
In-reply-to: <46C341FD00C73A499B7712CCB14661147F5CEA@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:ftpapi-request@lists.scottklement.com?subject=help>
List-id: HTTPAPI and FTPAPI Projects <ftpapi.lists.scottklement.com>
List-post: <mailto:ftpapi@lists.scottklement.com>
List-subscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=subscribe>
List-unsubscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=unsubscribe>
References: <46C341FD00C73A499B7712CCB14661147F5CEA@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Sender: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.12 (Windows/20070509)

Hi Nick,

Looking over the code, I see that if you specify an SSL connection, and 
you use a proxy, it'll connect TO THE PROXY using SSL.  Is that correct 
behavior?  I have no idea, I know very little about proxies!   Since we 
don't actually connect to the destination host (because of the proxy) I 
can't see how we could talk SSL to the host...   Hmmm...

Does anyone on the list know how SSL and proxies are supposed to interact?

I'm not sure if this is helpful at all, but GSKit error 401 (which is 
what your log shows) is message id CPDBC8B on i5/OS.  You can use 
DSPMSGD CPDBC8B to get a little more detail:

  Message . . . . :   Peer not recognized or badly formatted message 
received.
  Cause . . . . . :   A Secure Sockets Layer (SSL) record was received 
from a
    peer which was not recognized, not valid, not expected, or has a 
format
    which is not supported. Also, the peer system might not have 
recognized the
    certificate authority which signed the local peer system 
certificate.
  Recovery  . . . :   Ensure the client and server are using compatible 
protocol
    versions of SSL. If the protocol versions are compatible, this may 
be a
    problem with the remote end points SSL implementation. Also, check 
to ensure
    that the peer system recognizes the certificate authority which 
signed the
    local peer system certificate. 






Nick Townsend wrote:
>    I am trying to consume a web service published by an external supplier
>    using HTTP API (version 1.19).  I have no problem with a test version
>    of the service that does not use HTTPS, but when I try to consume the
>    production version of the service which is secure I am getting an
>    error 401 (GSK_ERROR_BAD_MESSAGE) from gsk_secure_soc_init() when I
>    call http_url_post_raw().   The calls to HTTP API functions in my code
>    are as follows:
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

References:
- Problems with HTTPS using HTTP API
  - From: Nick Townsend

Prev by Date: Re: HTTPAPI and CCSID.....
Next by Date: Re: socket descriptor specified w/i gsk_handle not valid
Previous by thread: Problems with HTTPS using HTTP API
Next by thread: Re: Problems with HTTPS using HTTP API
Index(es):
- Date
- Thread