[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Problems with HTTPS using HTTP API



Scott/All,

I've been looking at the HTTP API code to see if I can work out what needs to be changed to make  HTTPS through our proxy work.  I haven't looked at the code much before - usually it just works, so there has been no need to.  I was expecting to find code that builds the CONNECT request that is sent out, but so far I haven't been able to.  Am I looking in the wrong places, or is this done "under the covers" by one of the IBM APIs?

As you can probably tell, I don't know much about how things work below the HTTP API, so any advice would be appreciated.

Nick
_______________________________
Nick Townsend
Technical Leader
Endsleigh Insurance Services Limited
Telephone: 01242 866866 ext. 6426
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Nick Townsend
Sent: 11 June 2007 14:48
To: HTTPAPI and FTPAPI Projects
Subject: RE: Problems with HTTPS using HTTP API

Scott,

As I suspected, when we go directly to the Web Service without using the proxy everything works fine.

While googleing for more information I found a discussion thread (see http://forum.java.sun.com/thread.jspa?threadID=628570&tstart=255) where it is stated that the initial CONNECT should be unencrypted, and then the ensuing encrypted conversation is "tunnelled" through the proxy.

Regards,

Nick
_______________________________
Nick Townsend
Technical Leader
Endsleigh Insurance Services Limited
Telephone: 01242 866866 ext. 6426
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Nick Townsend
Sent: 06 June 2007 10:11
To: ftpapi@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Problems with HTTPS using HTTP API

Scott,

I've been doing some experimentation, and I think that you are correct - it is the combination of using SSL and a proxy that is causing the problem.  Looking at a communication trace I can see a message going out from the System I to the proxy which is rejected by the proxy with an HTTP status code 400 Bad Request.  The content of the message from the System I is unintelligible (to me), and the proxy doesn't seem to understand it either because it also returns an HTML page that says:

   Request Error (invalid request)
   Your request could not be processed. Request could not be handled.
   This could be caused by a misconfiguration, or possibly a malformed request.

As you suggest, I think that the System I is trying to open an SSL connection with the proxy rather than with the remote system.  Unfortunately I don't have any idea what the conversation with the proxy should be like for an SSL connection.

My next step will be to try to bypass the proxy and go directly to the remote host to see whether that works.

Nick
_______________________________
Nick Townsend
Technical Leader
Endsleigh Insurance Services Limited
Telephone: 01242 866866 ext. 6426



Information contained in this email is intended for the use of the addressee only, and is confidential and may be the subject of legal professional privilege.  Any dissemination, distribution, copying or use of this communication without prior permission of the addressee is strictly prohibited.   If you have received this email in error please notify the Help Desk at Endsleigh on 01242 866866.
The contents of an attachment to this email may contain software viruses, which could damage your computer system. While Endsleigh has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment.
www.endsleigh.co.uk
Endsleigh Insurance Services Limited is authorised and regulated by the Financial Services Authority, this can be checked on the FSA Register by visiting their web site at www.fsa.gov.uk/register
Company number: 856706
Registered in England at Shurdington Road, Cheltenham Spa, Gloucestershire GL51 4UE


-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------



Information contained in this email is intended for the use of the addressee only, and is confidential and may be the subject of legal professional privilege.  Any dissemination, distribution, copying or use of this communication without prior permission of the addressee is strictly prohibited.   If you have received this email in error please notify the Help Desk at Endsleigh on 01242 866866. 
The contents of an attachment to this email may contain software viruses, which could damage your computer system. While Endsleigh has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment. 
www.endsleigh.co.uk
Endsleigh Insurance Services Limited is authorised and regulated by the Financial Services Authority, this can be checked on the FSA Register by visiting their web site at www.fsa.gov.uk/register
Company number: 856706 
Registered in England at Shurdington Road, Cheltenham Spa, Gloucestershire GL51 4UE


-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------