[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSL connection issues
Barry Shrum wrote:
> I've been compiling the programs with DFTACTGRP(*NO) ACTGRP(*NEW), so
> I didn't specify an activation group in the RCLACTGRP command.
If you're using ACTGRP(*NEW) the RCLACTGRP is pointless. ACTGRP(*NEW)
will **automatically** reclaim as soon as the program ends.
> I created an application in the DCM and I'm trying the https_init()
> https_cleanup() route. I also examined the log for the "second" set
> of programs and they have the correct certificate (the one for the
> second business partner). So... I'm not sure this is the problem
> after all.
No, I'd say it's not the problem. Not if you're using ACTGRP(*NEW).
> You mentioned that HTTPAPI doesn't have code that checks if the SSL
> cert if signed by a trusted authority. One of the requirements from
> our business partner is that we need to verify that the URL in the
> certificate returned is correct. Can I examine the URL in the cert
> through HTTPAPI.
You misunderstand.
Your certificates **ARE** being validated. (If they weren't, you
couldn't get a "not signed by trusted authority" error message!!)
But the validation is being done by i5/OS, not by HTTPAPI. HTTPAPI says
"hey operating system, I'd like to turn my connection into an SSL
connection" and i5/OS does all of the work, including certificate
validation.
My point is that if there's a bug in the way certificate validation is
done, there's very little I can do about it, since I don't have the code
for the operating system.
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------