[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Problems with HTTPS using HTTP API



Scott,

Everything has been going well with our testing using HTTPAPI Ver 1.21pre1.  So well that we are probably going to be putting the application live next week.

The only minor thing that I have found occurs if I attempt to send a request to an invalid https URL. What comes back is a GSKit error 'Peer not recognized or badly formatted message received.' rather than an http error response code.  See the attached file for the debug output for such a request.  If I attempt to send the same request using an http URL rather than using https what I get is a 503 'Service Unavailable' response from the proxy.

Is that what you would expect to happen, or is it a bug?  I presume that what is happening is that the proxy is sending back a non-encrypted response, but the System i is expecting any response to be encrypted.

Regards,

Nick

_______________________________
Nick Townsend
Technical Leader
Endsleigh Insurance Services Limited
Telephone: 01242 866866 ext. 6426
-----Original Message-----
From: Nick Townsend
Sent: 19 June 2007 13:57
To: 'HTTPAPI and FTPAPI Projects'
Subject: RE: Problems with HTTPS using HTTP API

Scott,

I've downloaded the new version of HTTP API and it seems to work fine.  We are running i5/OS V5R4.
I can't do much in the way of regression testing as the application that I am testing is the only
thing we have that uses the HTTP API at present.  I will continue my testing an keep you posted if
any problems come up.

Thanks,

Nick
_______________________________
Nick Townsend
Technical Leader
Endsleigh Insurance Services Limited
Telephone: 01242 866866 ext. 6426
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Nick Townsend
Sent: 14 June 2007 16:57
To: HTTPAPI and FTPAPI Projects
Subject: RE: Problems with HTTPS using HTTP API

Scott/All,

I've been looking at the HTTP API code to see if I can work out what needs to be changed to make  HTTPS through our proxy work.  I haven't looked at the code much before - usually it just works, so there has been no need to.  I was expecting to find code that builds the CONNECT request that is sent out, but so far I haven't been able to.  Am I looking in the wrong places, or is this done "under the covers" by one of the IBM APIs?

As you can probably tell, I don't know much about how things work below the HTTP API, so any advice would be appreciated.

Nick
_______________________________
Nick Townsend
Technical Leader
Endsleigh Insurance Services Limited
Telephone: 01242 866866 ext. 6426
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Nick Townsend
Sent: 11 June 2007 14:48
To: HTTPAPI and FTPAPI Projects
Subject: RE: Problems with HTTPS using HTTP API

Scott,

As I suspected, when we go directly to the Web Service without using the proxy everything works fine.

While googleing for more information I found a discussion thread (see http://forum.java.sun.com/thread.jspa?threadID=628570&tstart=255) where it is stated that the initial CONNECT should be unencrypted, and then the ensuing encrypted conversation is "tunnelled" through the proxy.

Regards,

Nick
_______________________________
Nick Townsend
Technical Leader
Endsleigh Insurance Services Limited
Telephone: 01242 866866 ext. 6426
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Nick Townsend
Sent: 06 June 2007 10:11
To: ftpapi@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Problems with HTTPS using HTTP API

Scott,

I've been doing some experimentation, and I think that you are correct - it is the combination of using SSL and a proxy that is causing the problem.  Looking at a communication trace I can see a message going out from the System I to the proxy which is rejected by the proxy with an HTTP status code 400 Bad Request.  The content of the message from the System I is unintelligible (to me), and the proxy doesn't seem to understand it either because it also returns an HTML page that says:

   Request Error (invalid request)
   Your request could not be processed. Request could not be handled.
   This could be caused by a misconfiguration, or possibly a malformed request.

As you suggest, I think that the System I is trying to open an SSL connection with the proxy rather than with the remote system.  Unfortunately I don't have any idea what the conversation with the proxy should be like for an SSL connection.

My next step will be to try to bypass the proxy and go directly to the remote host to see whether that works.

Nick
_______________________________
Nick Townsend
Technical Leader
Endsleigh Insurance Services Limited
Telephone: 01242 866866 ext. 6426



Information contained in this email is intended for the use of the addressee only, and is confidential and may be the subject of legal professional privilege.  Any dissemination, distribution, copying or use of this communication without prior permission of the addressee is strictly prohibited.   If you have received this email in error please notify the Help Desk at Endsleigh on 01242 866866.
The contents of an attachment to this email may contain software viruses, which could damage your computer system. While Endsleigh has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment.
www.endsleigh.co.uk
Endsleigh Insurance Services Limited is authorised and regulated by the Financial Services Authority, this can be checked on the FSA Register by visiting their web site at www.fsa.gov.uk/register
Company number: 856706
Registered in England at Shurdington Road, Cheltenham Spa, Gloucestershire GL51 4UE


-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------



Information contained in this email is intended for the use of the addressee only, and is confidential and may be the subject of legal professional privilege.  Any dissemination, distribution, copying or use of this communication without prior permission of the addressee is strictly prohibited.   If you have received this email in error please notify the Help Desk at Endsleigh on 01242 866866.
The contents of an attachment to this email may contain software viruses, which could damage your computer system. While Endsleigh has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment.
www.endsleigh.co.uk
Endsleigh Insurance Services Limited is authorised and regulated by the Financial Services Authority, this can be checked on the FSA Register by visiting their web site at www.fsa.gov.uk/register
Company number: 856706
Registered in England at Shurdington Road, Cheltenham Spa, Gloucestershire GL51 4UE


-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------




Information contained in this email is intended for the use of the addressee only, and is confidential and may be the subject of legal professional privilege.  Any dissemination, distribution, copying or use of this communication without prior permission of the addressee is strictly prohibited.   If you have received this email in error please notify the Help Desk at Endsleigh on 01242 866866. 
The contents of an attachment to this email may contain software viruses, which could damage your computer system. While Endsleigh has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment. 
www.endsleigh.co.uk
Endsleigh Insurance Services Limited is authorised and regulated by the Financial Services Authority, this can be checked on the FSA Register by visiting their web site at www.fsa.gov.uk/register
Company number: 856706 
Registered in England at Shurdington Road, Cheltenham Spa, Gloucestershire GL51 4UE


HTTPAPI Ver 1.21pre1 released 2007-06-14

New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
https_init(): entered
-------------------------------------------------------------------------------------
Dump of local-side certificate information:
-------------------------------------------------------------------------------------
http_persist_open(): entered
http_long_ParseURL(): entered
CONNECT www.Xutomotivemxin.com:443 HTTP/1.1
Host: www.Xutomotivemxin.com HTTP/1.1
User-Agent: http-api/1.20
Proxy-Connection: keep-alive


recvresp(): entered
HTTP/1.1 200 Connection established


SetError() #13: HTTP/1.1 200 Connection established
recvdoc parms: identity 0
header_load_cookies() entered
(GSKit) Peer not recognized or badly formatted message received.
ssl_error(415): (GSKit) Peer not recognized or badly formatted message received.
SetError() #30: SSL Handshake: (GSKit) Peer not recognized or badly formatted message received.
-------------------------------------------------------------------------------------
Dump of server-side certificate information:
-------------------------------------------------------------------------------------
Cert Validation Code = 0
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------