[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems with HTTPS using HTTP API

To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Problems with HTTPS using HTTP API
From: Scott Klement <sk@xxxxxxxxxxxxxxxx>
Date: Thu, 14 Jun 2007 18:19:08 -0500
In-reply-to: <46C341FD00C73A499B7712CCB1466114861290@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:ftpapi-request@lists.scottklement.com?subject=help>
List-id: HTTPAPI and FTPAPI Projects <ftpapi.lists.scottklement.com>
List-post: <mailto:ftpapi@lists.scottklement.com>
List-subscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=subscribe>
List-unsubscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=unsubscribe>
References: <46C341FD00C73A499B7712CCB14661147F5FE7@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <46C341FD00C73A499B7712CCB1466114821569@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <46C341FD00C73A499B7712CCB1466114861290@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Sender: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.12 (Windows/20070509)

Hi Nick,

Actually, there *is* no CONNECT statement, that's the whole problem, 
it's why things aren't working.

In my personal copy (not the one on my web site) of HTTPAPI, I've added 
code to try to get SSL working through a proxy.  It has worked in my 
preliminary tests.  Though, I haven't had time to do any regression testing.

If you'd be willing to try it, I'll put a test copy up on my web site.



Nick Townsend wrote:
> Scott/All,
> 
> I've been looking at the HTTP API code to see if I can work out what needs to be changed to make  HTTPS through our proxy work.  I haven't looked at the code much before - usually it just works, so there has been no need to.  I was expecting to find code that builds the CONNECT request that is sent out, but so far I haven't been able to.  Am I looking in the wrong places, or is this done "under the covers" by one of the IBM APIs?
> 
> As you can probably tell, I don't know much about how things work below the HTTP API, so any advice would be appreciated.
> 
> Nick
> _______________________________
> Nick Townsend
> Technical Leader
> Endsleigh Insurance Services Limited
> Telephone: 01242 866866 ext. 6426
> -----Original Message-----
> From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Nick Townsend
> Sent: 11 June 2007 14:48
> To: HTTPAPI and FTPAPI Projects
> Subject: RE: Problems with HTTPS using HTTP API
> 
> Scott,
> 
> As I suspected, when we go directly to the Web Service without using the proxy everything works fine.
> 
> While googleing for more information I found a discussion thread (see http://forum.java.sun.com/thread.jspa?threadID=628570&tstart=255) where it is stated that the initial CONNECT should be unencrypted, and then the ensuing encrypted conversation is "tunnelled" through the proxy.
> 
> Regards,
> 
> Nick
> _______________________________
> Nick Townsend
> Technical Leader
> Endsleigh Insurance Services Limited
> Telephone: 01242 866866 ext. 6426
> -----Original Message-----
> From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Nick Townsend
> Sent: 06 June 2007 10:11
> To: ftpapi@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: Problems with HTTPS using HTTP API
> 
> Scott,
> 
> I've been doing some experimentation, and I think that you are correct - it is the combination of using SSL and a proxy that is causing the problem.  Looking at a communication trace I can see a message going out from the System I to the proxy which is rejected by the proxy with an HTTP status code 400 Bad Request.  The content of the message from the System I is unintelligible (to me), and the proxy doesn't seem to understand it either because it also returns an HTML page that says:
> 
>    Request Error (invalid request)
>    Your request could not be processed. Request could not be handled.
>    This could be caused by a misconfiguration, or possibly a malformed request.
> 
> As you suggest, I think that the System I is trying to open an SSL connection with the proxy rather than with the remote system.  Unfortunately I don't have any idea what the conversation with the proxy should be like for an SSL connection.
> 
> My next step will be to try to bypass the proxy and go directly to the remote host to see whether that works.
> 
> Nick
> _______________________________
> Nick Townsend
> Technical Leader
> Endsleigh Insurance Services Limited
> Telephone: 01242 866866 ext. 6426
> 
> 
> 
> Information contained in this email is intended for the use of the addressee only, and is confidential and may be the subject of legal professional privilege.  Any dissemination, distribution, copying or use of this communication without prior permission of the addressee is strictly prohibited.   If you have received this email in error please notify the Help Desk at Endsleigh on 01242 866866.
> The contents of an attachment to this email may contain software viruses, which could damage your computer system. While Endsleigh has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment.
> www.endsleigh.co.uk
> Endsleigh Insurance Services Limited is authorised and regulated by the Financial Services Authority, this can be checked on the FSA Register by visiting their web site at www.fsa.gov.uk/register
> Company number: 856706
> Registered in England at Shurdington Road, Cheltenham Spa, Gloucestershire GL51 4UE
> 
> 
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------
> 
> 
> 
> Information contained in this email is intended for the use of the addressee only, and is confidential and may be the subject of legal professional privilege.  Any dissemination, distribution, copying or use of this communication without prior permission of the addressee is strictly prohibited.   If you have received this email in error please notify the Help Desk at Endsleigh on 01242 866866. 
> The contents of an attachment to this email may contain software viruses, which could damage your computer system. While Endsleigh has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment. 
> www.endsleigh.co.uk
> Endsleigh Insurance Services Limited is authorised and regulated by the Financial Services Authority, this can be checked on the FSA Register by visiting their web site at www.fsa.gov.uk/register
> Company number: 856706 
> Registered in England at Shurdington Road, Cheltenham Spa, Gloucestershire GL51 4UE
> 
> 
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

Follow-Ups:
- Re: Problems with HTTPS using HTTP API
  - From: Scott Klement
- Encoding SOAP XML string
  - From: Michelle_Himebaugh

References:
- Re: Problems with HTTPS using HTTP API
  - From: Nick Townsend
- RE: Problems with HTTPS using HTTP API
  - From: Nick Townsend
- RE: Problems with HTTPS using HTTP API
  - From: Nick Townsend

Prev by Date: Re: socket descriptor specified w/i gsk_handle not valid
Next by Date: Re: Problems with HTTPS using HTTP API
Previous by thread: RE: Problems with HTTPS using HTTP API
Next by thread: Re: Problems with HTTPS using HTTP API
Index(es):
- Date
- Thread