
RE: HTTP 1.1/500 Error with Different user profiles



Odd indeed. 

Once the certificates are exchanged, basic authentication is passed, data is sent, why would one work and one not?

Just to verify, you compared the debugs from the top down to the receipt of data and both are identical?

You gave your user all special authorities and it still bombed? In which case we should be able to write off a problem on the client side of this transaction, but it seems likely it is something like that.

From other similar issues on the Google, this is some sort of certificate problem. None of this makes sense to me but I will admit that the GSkit stuff is way over my head.

Can the user ping the service? You have firewall rules? Is your firewall using man in the middle HTTPS technique? <Grasping at straws>



-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Vassilios Pierrakos
Sent: Wednesday, February 06, 2013 4:18 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: HTTP 1.1/500 Error with Different user profiles

The same username, password and certificates are being used. Both users call the same RPG Program, which has the username and password along with the URL, service description, etc. Moreover the same SOAP message is being generated.
The call is made from the same system using the same values as parameters and on the same server.
It's really odd...

On Feb 6, 2013, at 10:33 PM, Mike Krebs <mkrebs@xxxxxxxxxxxxxxxxxx> wrote:

> The server says " An error occurred when verifying security for the message." Kind of a generic and off-base message - until we know the cause. Then we will understand it.
> 
> But, you are using basic authentication. And you did a great job of obfuscating the obvious...Are you using the same user and password for your basic authentication?
> 
> And the second thing...are the certificates that are being exchanged the same?
> 
> 
> 
> 
> -----Original Message-----
> From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Vasilios Pierrakos
> Sent: Wednesday, February 06, 2013 12:55 PM
> To: HTTPAPI and FTPAPI Projects
> Subject: Re: HTTP 1.1/500 Error with Different user profiles
> 
> Thank you for the quick response. Below you may find the logs:
> 
> *Correct:*
> 
> HTTPAPI Ver 1.24 released 2012-01-23
> OS/400 Ver V7R1M0
> 
> http_setauth(): entered
> http_persist_open(): entered
> http_long_ParseURL(): entered
> DNS resolver retrans: 2
> DNS resolver retry  : 2
> DNS resolver options: x'00000136'
> DNS default domain: ***.**
> DNS server found: **.**.**.**
> DNS server found: **.**.**.**
> https_init(): entered
> -------------------------------------------------------------------------------------
> Dump of local-side certificate information:
> -------------------------------------------------------------------------------------
> -------------------------------------------------------------------------------------
> Dump of server-side certificate information:
> -------------------------------------------------------------------------------------
> Cert Validation Code = 0
> -----BEGIN CERTIFICATE-----
> ****************************************
> -----END CERTIFICATE-----
> Serial Number: **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**
> Common Name: **********************
> Issuer CN: **********************
> Version: 03
> not before: 20120405174414
> not after: 20291231230000
> pub key alg: *.*.***.*******.*.*.*
> 
> Protocol Used: TLS Version 1
> http_persist_post(): entered
> http_persist_req(POST) entered.
> http_long_ParseURL(): entered
> do_oper(POST): entered
> There are 0 cookies in the cache
> POST /**********************/**********************/********************** HTTP/1.1
> Host: **********************:****
> User-Agent: http-api/1.24
> Content-Type: application/soap+xml
> SOAPAction: http://**********************/**********************/
> Content-Length: 1627
> Authorization: Basic **********************
> 
> 
> senddoc(): entered
> <here goes the XML>
> recvresp(): entered
> HTTP/1.1 200 OK
> Content-Length: 1630
> Content-Type: application/soap+xml; charset=utf-8
> Server: Microsoft-IIS/7.5
> X-Powered-By: ASP.NET
> Date: Wed, 06 Feb 2013 18:17:19 GMT
> 
> 
> SetError() #13: HTTP/1.1 200 OK
> recvresp(): end with 200
> recvdoc parms: identity 1630
> header_load_cookies() entered
> recvdoc(): entered
> SetError() #0:
> <here goes the response XML>
> http_close(): entered
> 
> *With Error:*
> 
> HTTPAPI Ver 1.24 released 2012-01-23
> OS/400 Ver V7R1M0
> 
> http_setauth(): entered
> http_persist_open(): entered
> http_long_ParseURL(): entered
> DNS resolver retrans: 2
> DNS resolver retry  : 2
> DNS resolver options: x'00000136'
> DNS default domain: ***.**
> DNS server found: **.**.**.**
> DNS server found: **.**.**.**
> https_init(): entered
> -------------------------------------------------------------------------------------
> Dump of local-side certificate information:
> -------------------------------------------------------------------------------------
> -------------------------------------------------------------------------------------
> Dump of server-side certificate information:
> -------------------------------------------------------------------------------------
> Cert Validation Code = 0
> -----BEGIN CERTIFICATE-----
> ****************************************
> -----END CERTIFICATE-----
> Serial Number: **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**
> Common Name: **********************
> Issuer CN: **********************
> Version: 03
> not before: 20120405174414
> not after: 20291231230000
> pub key alg:  *.*.***.*******.*.*.*
> 
> Protocol Used: TLS Version 1
> http_persist_post(): entered
> http_persist_req(POST) entered.
> http_long_ParseURL(): entered
> do_oper(POST): entered
> There are 0 cookies in the cache
> POST /**********************/**********************/********************** HTTP/1.1
> Host: **********************:****
> User-Agent: http-api/1.24
> Content-Type: application/soap+xml
> SOAPAction: http://**********************/**********************/
> Content-Length: 1627
> Authorization: Basic **********************
> 
> 
> senddoc(): entered
> <Here goes the XML>
> recvresp(): entered
> HTTP/1.1 500 Internal Server Error
> Content-Length: 576
> Content-Type: application/soap+xml; charset=utf-8
> Server: Microsoft-IIS/7.5
> X-Powered-By: ASP.NET
> Date: Wed, 06 Feb 2013 18:30:50 GMT
> 
> 
> SetError() #13: HTTP/1.1 500 Internal Server Error
> recvresp(): end with 500
> recvdoc parms: identity 576
> header_load_cookies() entered
> recvdoc(): entered
> SetError() #0:
> <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action></s:Header><s:Body><s:Fault><s:Code><s:Value>s:Sender</s:Value><s:Subcode><s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value></s:Subcode></s:Code><s:Reason><s:Text xml:lang="el-GR">An error occurred when verifying security for the message.</s:Text></s:Reason></s:Fault></s:Body></s:Envelope>
> SetError() #13: HTTP/1.1 500 Internal Server Error
> http_close(): entered
> 
> Thank you in advance.
> 
> 
> On 6 February 2013 20:15, Mike Krebs <mkrebs@xxxxxxxxxxxxxxxxxx> wrote:
> 
>> Not quite enough information as a 500 error is coming from the server you
>> are contacting and should not have a problem with the local user.
>> 
>> Can you share the debug logs when it works and when it doesn't?
>> 
>> 
>> -----Original Message-----
>> From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Vasilios Pierrakos
>> Sent: Wednesday, February 06, 2013 10:29 AM
>> To: HTTPAPI and FTPAPI Projects
>> Subject: HTTP 1.1/500 Error with Different user profiles
>> 
>> Dear All,
>> 
>> I am experiencing a strange problem:
>> I get HTTP 1.1/ 500 error with one user and not with another. The error
>> displayed in the Debug Log is that the security of the message cannot be
>> verified.
>> That's really strange since both users call the same RPG Program. I have
>> checked the Certificates permissions, object permissions etc. The user that
>> successfully calls the service is *QSECOFR. The thing is that I even tried
>> changing the user who gets the 500 error to *QSECOFR and nothing
>> happens......
>> 
>> Any help?
>> -----------------------------------------------------------------------
>> This is the FTPAPI mailing list.  To unsubscribe, please go to:
>> http://www.scottklement.com/mailman/listinfo/ftpapi
>> -----------------------------------------------------------------------
>> 
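The "top down" comparison of the two debug logs asked for in this thread can be done mechanically. The following is an added example, not code from the thread or from HTTPAPI: it strips mail quoting, masks the `Date` header, and reports the first line where a working and a failing trace differ, together with the last HTTPAPI routine entered. The sample traces are constructed and abridged from the logs above; `/svc` and `<redacted>` are placeholders for values the poster masked.

```python
import re
from itertools import zip_longest

# Matches HTTPAPI trace markers such as "recvresp(): entered".
ROUTINE = re.compile(r"^(\w+)\(.*?\):? entered")
# The Date response header differs on every run, so it is masked.
DATE = re.compile(r"^Date: .*$")

def normalize(trace):
    """Strip mail quoting ('> ') and blank lines, mask volatile values."""
    lines = []
    for raw in trace.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).rstrip()
        if line:
            lines.append(DATE.sub("Date: <masked>", line))
    return lines

def first_divergence(good, bad):
    """Return (index, routine, good_line, bad_line) or None if identical."""
    routine = None
    for i, (g, b) in enumerate(zip_longest(normalize(good), normalize(bad))):
        if g != b:
            return i, routine, g, b
        m = ROUTINE.match(g)
        if m:
            routine = m.group(1)  # last routine entered before the split
    return None

# Constructed sample traces, abridged from the two logs in the thread.
# "/svc" and "<redacted>" are placeholders for values masked in the post.
COMMON = """> http_persist_post(): entered
> do_oper(POST): entered
> POST /svc HTTP/1.1
> Content-Length: 1627
> Authorization: Basic <redacted>
> senddoc(): entered
> recvresp(): entered
"""
GOOD = COMMON + ("> HTTP/1.1 200 OK\n> Content-Length: 1630\n"
                 "> Date: Wed, 06 Feb 2013 18:17:19 GMT\n")
BAD = COMMON + ("> HTTP/1.1 500 Internal Server Error\n> Content-Length: 576\n"
                "> Date: Wed, 06 Feb 2013 18:30:50 GMT\n")

if __name__ == "__main__":
    print(first_divergence(GOOD, BAD))
```

On the sample traces the first difference is the server's status line inside `recvresp`, so the comparison has to continue into the SOAP request body, which the posted logs elide.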