Hi,

I am using HTTPAPI to consume a .net web service written by our PC developers. I've done this before without any problems, but they now want to use certificate-based authentication rather than basic HTTP authentication which we have used before. I generated a new cert to use for testing and provided the PC guys with it together with our internal CA cert, both of which they say they have loaded at their end.

When I fire the web service with authentication switched off it works fine, but when authentication is on everything appears OK in the log until the response comes back from the web service, when GSKit throws a 410 error. I've attached the logs with authentication on and off, and the code of the test rig that I'm using.

I've searched the archive and some time ago someone did ask about using certificates for authentication, but the answer seemed to be that HTTPAPI didn't support it. I Googled a bit and the Wikipedia entry for TLS has descriptions of the "Simple TLS handshake" and the "Client-authenticated TLS handshake" which suggest that there are extra exchanges that take place during the setup of an authenticated conversation, but if that was the problem here I would have expected the error to occur before things got as far as the sending of the request.

I assume that GSKit must provide a way of doing whatever is required to authenticate using certificates, but looking at the API documentation has left me completely baffled.

Can anyone see what I'm doing wrong or point me in the right direction to get this working?

Thanks,
Nick
_______________________________
Nick Townsend
Technical Architect
Endsleigh Insurance Services Limited
Telephone: +44 (0)1242 866426
Attachment: SoapClient.rpgle
HTTPAPI Ver 1.24beta9 released 2010-01-06
OS/400 Ver V7R1M0
New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
https_init(): entered
-------------------------------------------------------------------------------------
Dump of local-side certificate information:
-------------------------------------------------------------------------------------
Serial Number: 51:81:1D:31:02:EF:A8
Common Name: GetGreetingTestCert
Country: UK
State/Province: Glos
Locality: Cheltenham
Org Unit: Endsleigh Insurance Services
Issuer CN: Endsleigh Insurance Services CA
Issuer Country: UK
Issuer State/Province: Gloucestershire
Issuer Locality: Cheltenham
Issuer Org: Endsleigh Insurance Services
Issuer Org Unit: VINCENT
Version: 03
not before: 20130430144833
not after: 20140501144833
pub key alg: 1.2.840.113549.1.1.5
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry : 2
DNS resolver options: x'00001136'
DNS default domain: endsleigh.co.uk
DNS server found: 10.30.2.3
DNS server found: 10.30.2.4
-------------------------------------------------------------------------------------
Dump of server-side certificate information:
-------------------------------------------------------------------------------------
Cert Validation Code = 6000
Serial Number: 37:AB:D2:40:57:9E:8E:BE:43:FD:A2:4D:29:05:2B:98
Common Name: localhost
Issuer CN: localhost
Version: 03
not before: 20120926130009
not after: 20220926010000
pub key alg: 1.3.14.3.2.29
Protocol Used: TLS Version 1
http_persist_post(): entered
http_long_ParseURL(): entered
do_oper(POST): entered
POST /GreetingService.svc HTTP/1.1
Host: shnsdw02:44300
User-Agent: http-api/1.24
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/IGreetingService/GetGreeting"
Content-Length: 136
senddoc(): entered
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetGreeting xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
recvresp(): entered
(GSKit) Peer not recognized or badly formatted message received.
ssl_error(410): (GSKit) Peer not recognized or badly formatted message received.
SetError() #44: CommSSL_read: read:(GSKit) Peer not recognized or badly formatted message recei
recvresp(): end with err
http_close(): entered

HTTPAPI Ver 1.24beta9 released 2010-01-06
OS/400 Ver V7R1M0
New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
https_init(): entered
-------------------------------------------------------------------------------------
Dump of local-side certificate information:
-------------------------------------------------------------------------------------
Serial Number: 51:81:1D:31:02:EF:A8
Common Name: GetGreetingTestCert
Country: UK
State/Province: Glos
Locality: Cheltenham
Org Unit: Endsleigh Insurance Services
Issuer CN: Endsleigh Insurance Services CA
Issuer Country: UK
Issuer State/Province: Gloucestershire
Issuer Locality: Cheltenham
Issuer Org: Endsleigh Insurance Services
Issuer Org Unit: VINCENT
Version: 03
not before: 20130430144833
not after: 20140501144833
pub key alg: 1.2.840.113549.1.1.5
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry : 2
DNS resolver options: x'00001136'
DNS default domain: endsleigh.co.uk
DNS server found: 10.30.2.3
DNS server found: 10.30.2.4
-------------------------------------------------------------------------------------
Dump of server-side certificate information:
-------------------------------------------------------------------------------------
Cert Validation Code = 6000
Serial Number: 37:AB:D2:40:57:9E:8E:BE:43:FD:A2:4D:29:05:2B:98
Common Name: localhost
Issuer CN: localhost
Version: 03
not before: 20120926130009
not after: 20220926010000
pub key alg: 1.3.14.3.2.29
Protocol Used: TLS Version 1
http_persist_post(): entered
http_long_ParseURL(): entered
do_oper(POST): entered
POST /GreetingService.svc HTTP/1.1
Host: shnsdw02:44300
User-Agent: http-api/1.24
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/IGreetingService/GetGreeting"
Content-Length: 136
senddoc(): entered
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetGreeting xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
recvresp(): entered
HTTP/1.1 200 OK
Content-Length: 361
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 01 May 2013 15:39:39 GMT
SetError() #13: HTTP/1.1 200 OK
recvresp(): end with 200
recvdoc parms: identity 361
header_load_cookies() entered
recvdoc(): entered
SetError() #0:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetGreetingResponse xmlns="http://tempuri.org/"><GetGreetingResult xmlns:a="http://schemas.datacontract.org/2004/07/BasicAuthenticationTest" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:Greeting>Hello </a:Greeting></GetGreetingResult></GetGreetingResponse></s:Body></s:Envelope>
http_close(): entered
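
Added example, not part of the original post and not HTTPAPI code: a short Python triage of the debug-log format above that reports whether the TLS handshake completed and in which HTTPAPI routine an ssl_error surfaced. The two excerpts are constructed from the attached logs, and treating the "Protocol Used:" line as the sign of a finished handshake is an assumption.

```python
import re

# Constructed excerpts in the HTTPAPI debug-log format shown above (not the full logs).
AUTH_ON = """\
https_init(): entered
Dump of local-side certificate information:
Common Name: GetGreetingTestCert
http_persist_open(): entered
Dump of server-side certificate information:
Cert Validation Code = 6000
Protocol Used: TLS Version 1
http_persist_post(): entered
do_oper(POST): entered
senddoc(): entered
recvresp(): entered
ssl_error(410): (GSKit) Peer not recognized or badly formatted message received.
recvresp(): end with err
"""
# Same trace up to recvresp(), then a normal HTTP response instead of the GSKit error.
AUTH_OFF = AUTH_ON.split("ssl_error")[0] + "HTTP/1.1 200 OK\nrecvresp(): end with 200\n"

ENTER = re.compile(r"^(\w+)\(.*?\): entered")      # e.g. "do_oper(POST): entered"
SSL_ERR = re.compile(r"^ssl_error\((\d+)\): (.*)")  # e.g. "ssl_error(410): ..."
STATUS = re.compile(r"^HTTP/1\.[01] (\d{3})")       # response status line only

def triage(log):
    """Summarise one log: cert presence, handshake outcome, where TLS failed."""
    out = {"local_cert": False, "handshake_done": False, "request_sent": False,
           "ssl_error": None, "failed_in": None, "http_status": None}
    current = None  # last routine seen entering
    for line in log.splitlines():
        line = line.strip()
        if m := ENTER.match(line):
            current = m.group(1)
            if current == "senddoc":
                out["request_sent"] = True
        elif line.startswith("Dump of local-side certificate"):
            out["local_cert"] = True
        elif line.startswith("Protocol Used:"):
            # Assumption: the negotiated protocol is logged only after the handshake.
            out["handshake_done"] = True
        elif m := SSL_ERR.match(line):
            out["ssl_error"], out["failed_in"] = int(m.group(1)), current
        elif m := STATUS.match(line):
            out["http_status"] = int(m.group(1))
    return out
```

On the authentication-on excerpt this reports a completed handshake, a sent request, and error 410 raised inside recvresp(), which is the ordering described in the message.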
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------