
RE: SSL connection issues



Scott,

I've been compiling the programs with DFTACTGRP(*NO) ACTGRP(*NEW), so I
didn't specify an activation group in the RCLACTGRP command.  I created an
application in the DCM and I'm trying the https_init() / https_cleanup()
route.  I also examined the log for the "second" set of programs and they
have the correct certificate (the one for the second business partner).
So... I'm not sure this is the problem after all.

You mentioned that HTTPAPI doesn't have code that checks if the SSL cert is
signed by a trusted authority.  One of the requirements from our business
partner is that we need to verify that the URL in the certificate returned
is correct.  Can I examine the URL in the cert through HTTPAPI?

Thanks again,

Barry

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of Scott Klement
Sent: Thursday, August 23, 2007 4:23 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: SSL connection issues


What activation group are you running your programs in, Barry?  Is it
possible that RCLACTGRP *ELIGIBLE isn't working for that group?

Or perhaps I'm wrong about the diagnosis -- it was just a guess anyway.
Have you tried using a current version of HTTPAPI? (yours is more than
2 years out of date!)

Though, I'm skeptical that it'll matter.  HTTPAPI doesn't have any code
that checks if an SSL certificate is signed by a trusted authority.
That's the operating system's job!  So most likely, updating HTTPAPI
won't solve your problem.  But it'd make it a lot easier for you & I to
be having the same problems at the same time.  And if I ever need to
change the code to help you, I'm going to make those changes to the
current version and require you to upgrade.


Barry Shrum wrote:
> Thanks, Scott.  The "first" call is a production program which is used
> throughout the day by a number of users, so I can't change it right now.  As
> a test I executed the command RCLACTGRP ACTGRP(*ELIGIBLE) at a command line,
> then ran the "second" (new) program.  I expected the request to fail but it
> ran just fine and the debug log showed the correct digital certificate
> information for the second business partner.  Either I ran the RCLACTGRP
> command in the wrong place or the problem is caused by something else.
>
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
