[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: ups changes



We have been using HTTPAPI and chained certificates (Root + Intermediate)
for many years.
There was a change in the way that OS400 worked with SSL certs from V5R3
Prior to that a missing Intermediate certificate was ignored.
After that the Intermediate must be present (we always 'trust' that cert to
our App).
Also when installing intermediates the root cert must be present first.

Just to confirm Scott's note, we never had to make any changes to our apps
or HTTPAPI for SSL V3

Regards

Ian Patterson

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of Scott Klement
Sent: 19 December 2008 00:18
To: HTTPAPI and FTPAPI Projects
Subject: Re: ups changes


Larry,

I haven't tried it... but I doubt that any changes would be necessary.
Chained certificates are a standard feature of SSL v3.0, which was
released by Netscape Communications Corporation in 1996.  Not exactly
new stuff.

To the best of my knowledge, all you need is to be running V4R5 of
OS/400 or later (no, I didn't transpose numbers.  I mean V4R5, the one
released in 2000)

I haven't tried it... so please let us know if there's a problem.  But
I'd be very surprised.

For sure, it won't involve any coding changes.  The stuff that has to be
done differently is internal to the operating system, and wouldn't have
any direct effect on your code (or HTTPAPI's code).  However, there's a
slight chance you'd need to import extra certificates into the DCM.
But, even that seems unlikely...



Larry Kleinman wrote:
>    Hi - I have been using (a modified by me version of ) EXAMPLE16 from
>    LIBHTTP in order to get shipping rates from UPS. I got an email,
>    relevant portion of which is copied below, from UPS that sounds like I
>    might have to make some changes. Do I?
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------