
Consuming a web service that requires certificate-based authentication



   Hi,


   I am using HTTPAPI to consume a .net web service written by our PC
   developers.  I've done this before without any problems, but they now
   want to use certificate-based authentication rather than basic HTTP
   authentication which we have used before.  I generated a new cert to
   use for testing and provided the PC guys with it together with our
   internal CA cert, both of which they say they have loaded at their
   end.  When I fire the web service with authentication switched off it
   works fine, but when authentication is on everything appears OK in the
   log until the response comes back from the web service, when GSKit
   throws a 410 error.  I've attached the logs with authentication on and
   off, and the code of the test rig that I'm using.

   I've searched the archive and some time ago someone did ask about using
   certificates for authentication, but the answer seemed to be that
   HTTPAPI didn't support it.  I Googled a bit and the Wikipedia entry for
   TLS has descriptions of the "Simple TLS handshake" and the
   "Client-authenticated TLS handshake" which suggest that there are extra
   exchanges that take place during the setup of an authenticated
   conversation, but if that was the problem here I would have expected
   the error to occur before things got as far as the sending of the
   request.


   I assume that GSKit must provide a way of doing whatever is required to
   authenticate using certificates, but looking at the API documentation
   has left me completely baffled. Can anyone see what I'm doing wrong or
   point me in the right direction to get this working?


   Thanks,


   Nick



   _______________________________

   Nick Townsend

   Technical Architect

   Endsleigh Insurance Services Limited

   Telephone: +44 (0)1242 866426


Attachment: SoapClient.rpgle
Description: SoapClient.rpgle

HTTPAPI Ver 1.24beta9 released 2010-01-06
OS/400 Ver V7R1M0

New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
https_init(): entered
-------------------------------------------------------------------------------------
Dump of local-side certificate information:
-------------------------------------------------------------------------------------
Serial Number: 51:81:1D:31:02:EF:A8
Common Name: GetGreetingTestCert
Country: UK
State/Province: Glos
Locality: Cheltenham
Org Unit: Endsleigh Insurance Services
Issuer CN: Endsleigh Insurance Services CA
Issuer Country: UK
Issuer State/Province: Gloucestershire
Issuer Locality: Cheltenham
Issuer Org: Endsleigh Insurance Services
Issuer Org Unit: VINCENT
Version: 03
not before: 20130430144833
not after: 20140501144833
pub key alg: 1.2.840.113549.1.1.5

http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry  : 2
DNS resolver options: x'00001136'
DNS default domain: endsleigh.co.uk
DNS server found: 10.30.2.3
DNS server found: 10.30.2.4
-------------------------------------------------------------------------------------
Dump of server-side certificate information:
-------------------------------------------------------------------------------------
Cert Validation Code = 6000
Serial Number: 37:AB:D2:40:57:9E:8E:BE:43:FD:A2:4D:29:05:2B:98
Common Name: localhost
Issuer CN: localhost
Version: 03
not before: 20120926130009
not after: 20220926010000
pub key alg: 1.3.14.3.2.29

Protocol Used: TLS Version 1
http_persist_post(): entered
http_long_ParseURL(): entered
do_oper(POST): entered
POST /GreetingService.svc HTTP/1.1
Host: shnsdw02:44300
User-Agent: http-api/1.24
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/IGreetingService/GetGreeting"
Content-Length: 136


senddoc(): entered
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetGreeting xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
recvresp(): entered
(GSKit) Peer not recognized or badly formatted message received.
ssl_error(410): (GSKit) Peer not recognized or badly formatted message received.
SetError() #44: CommSSL_read:  read:(GSKit) Peer not recognized or badly formatted message recei
recvresp(): end with err
http_close(): entered

HTTPAPI Ver 1.24beta9 released 2010-01-06
OS/400 Ver V7R1M0

New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
https_init(): entered
-------------------------------------------------------------------------------------
Dump of local-side certificate information:
-------------------------------------------------------------------------------------
Serial Number: 51:81:1D:31:02:EF:A8
Common Name: GetGreetingTestCert
Country: UK
State/Province: Glos
Locality: Cheltenham
Org Unit: Endsleigh Insurance Services
Issuer CN: Endsleigh Insurance Services CA
Issuer Country: UK
Issuer State/Province: Gloucestershire
Issuer Locality: Cheltenham
Issuer Org: Endsleigh Insurance Services
Issuer Org Unit: VINCENT
Version: 03
not before: 20130430144833
not after: 20140501144833
pub key alg: 1.2.840.113549.1.1.5

http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry  : 2
DNS resolver options: x'00001136'
DNS default domain: endsleigh.co.uk
DNS server found: 10.30.2.3
DNS server found: 10.30.2.4
-------------------------------------------------------------------------------------
Dump of server-side certificate information:
-------------------------------------------------------------------------------------
Cert Validation Code = 6000
Serial Number: 37:AB:D2:40:57:9E:8E:BE:43:FD:A2:4D:29:05:2B:98
Common Name: localhost
Issuer CN: localhost
Version: 03
not before: 20120926130009
not after: 20220926010000
pub key alg: 1.3.14.3.2.29

Protocol Used: TLS Version 1
http_persist_post(): entered
http_long_ParseURL(): entered
do_oper(POST): entered
POST /GreetingService.svc HTTP/1.1
Host: shnsdw02:44300
User-Agent: http-api/1.24
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/IGreetingService/GetGreeting"
Content-Length: 136


senddoc(): entered
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetGreeting xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
recvresp(): entered
HTTP/1.1 200 OK
Content-Length: 361
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 01 May 2013 15:39:39 GMT


SetError() #13: HTTP/1.1 200 OK
recvresp(): end with 200
recvdoc parms: identity 361
header_load_cookies() entered
recvdoc(): entered
SetError() #0:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetGreetingResponse xmlns="http://tempuri.org/"><GetGreetingResult xmlns:a="http://schemas.datacontract.org/2004/07/BasicAuthenticationTest" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:Greeting>Hello </a:Greeting></GetGreetingResult></GetGreetingResponse></s:Body></s:Envelope>
http_close(): entered
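
An added example (not part of the original post, and not HTTPAPI code): a Python triage of the two debug logs above, using excerpts of their own lines, that reports which trace step was reached before the GSKit error and checks each dumped certificate's issuer and validity window. The helper names `summarize` and `findings` are hypothetical, and timestamps are compared without time-zone handling.

```python
import re
from datetime import datetime

# Excerpts of the two attached logs (cert blobs omitted); identical up to recvresp().
COMMON = """\
Dump of local-side certificate information:
Common Name: GetGreetingTestCert
Issuer CN: Endsleigh Insurance Services CA
not before: 20130430144833
not after: 20140501144833
Dump of server-side certificate information:
Common Name: localhost
Issuer CN: localhost
not before: 20120926130009
not after: 20220926010000
do_oper(POST): entered
senddoc(): entered
recvresp(): entered
"""
AUTH_ON = COMMON + "ssl_error(410): (GSKit) Peer not recognized or badly formatted message received.\n"
AUTH_OFF = COMMON + "HTTP/1.1 200 OK\nrecvresp(): end with 200\n"
FIELD = re.compile(r"(Common Name|Issuer CN|not before|not after): (.+)")

def summarize(log):
    """Collect certificate fields per side, trace steps entered, and any ssl_error code."""
    out = {"local": {}, "server": {}, "steps": [], "ssl_error": None}
    side = None
    for line in log.splitlines():
        if m := re.match(r"Dump of (local|server)-side certificate", line):
            side = m.group(1)
        elif side and (m := FIELD.match(line)):
            out[side][m.group(1)] = m.group(2).strip()
        elif m := re.match(r"(\w+)\(.*\): entered", line):
            out["steps"].append(m.group(1))
        elif m := re.match(r"ssl_error\((\d+)\)", line):
            out["ssl_error"] = int(m.group(1))
    return out

def findings(log, when):
    """Flag self-issued or out-of-date certificates and where an SSL error surfaced."""
    s, notes = summarize(log), []
    for side in ("local", "server"):
        cert = s[side]
        if cert["Common Name"] == cert["Issuer CN"]:  # heuristic: subject CN equals issuer CN
            notes.append(f"{side} certificate looks self-issued")
        start, end = (datetime.strptime(cert[k], "%Y%m%d%H%M%S") for k in ("not before", "not after"))
        if not start <= when <= end:
            notes.append(f"{side} certificate outside its validity window")
    if s["ssl_error"] is not None:
        notes.append(f"ssl_error {s['ssl_error']} raised after {s['steps'][-1]}() was entered")
    return notes
```

Calling `findings(AUTH_ON, datetime(2013, 5, 1, 15, 39, 39))` with the date from the working log's response header shows both runs reaching `recvresp()` with the same certificates, with the 410 error appearing only in the authenticated run.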