[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: HTTP API with SSL
Julio,
https_init() with an application ID should be done if you want to
fine-tune the way SSL is used. Typically, the only time that's really
necessary is if you are using client-side certificates, which is
extremely rare.
If you do not call https_init() (or if you call it with *BLANKS as a
parameter) then HTTPAPI will use default SSL settings rather than
require you to configure them. If you do not call https_init()
yourself, HTTPAPI will initialize SSL on the first use of an
[1]https:// URL. (Essentially, it calls https_init(*blanks) for you in
this case.)
Once the SSL environment has been set up (either by HTTPAPI doing it,
or by you calling https_init) HTTPAPI will remember the SSL settings.
This is done for performance reasons, and in most cases there's no need
to unload this or reset it. It only caches the SSL settings for your
server, it does not cache the ones for the site you connect to, so you
can keep the SSL settings in cache and re-use them with lots of other
servers without causing any problems.
The only time it really makes sense to unload the SSL cache and change
the settings is if you want to use different server-side settings.
And the only reasons I can think of that you'd want to do that is if
you changed the CA certificates on your server, or if you were using a
client-side certificate and wnat to change to a different client-side
certificate.
You do not have to reclaim the activation group to reset the SSL
environment. There are three ways to reset it:
1) You can call https_init() with a different application ID than you
did previously. HTTPAPI will detect that you want to use a different
DCM application profile, and will automatically reset the settings and
create a new SSL environment. This is what I recommend if your goal
is to change client certificates. Every application that uses client
certificates should call https_init() with it's client certificate
settings at the start, and so HTTPAPI will switch to the appropriate
SSL profile.
2) You can call https_cleanup(). This will remove the cached SSL
environment from memory. If you call https_init() after that, it will
create a new SSL environment. Or if you call an [2]https:// URL after
that, it'll set up a new enviroment with default settings.
3) You can end the activation group, as you already know. This is the
least efficient method -- but it will have the same effect on SSL as
#2, but, of course it'll reset everything else in the activation group
as well.
Hope that helps.
On 11/20/2013 1:24 PM, Julio Cabrera wrote:
Guys;
We are working in or company for 3 years now. We installed HTTP API
V1.24 and OS V7.1 in our AS400 last week and also convert the programs
to consume the Web Services with SSL ( using https;// ).
I have 2 questions :
1. When using SSL, is it necessary to unload HTTPAPI from memory so
that it is reactivated on the next call? By ending the activation
group with the CEETREC API. If true, wouldn't this cause poor
performance? Does the answer change if we're validating with an
application ID or sending a *blank application ID to
https_init(app_id)?
2. Also, I noticed that both service programs, HTTPAPIR4 & EXPAT, were
created under activation group *CALLER, therefore by issuing the
call to CEETREC API will kill everything for the activation group
they end up running under, except of course *DFTACTGRP. What would
be the implications of not unloading HTTPAPI from memory? Meaning,
leaving the housekeeping to when the job ends or the activation
group is deleted within the job.
Thanks for your help
JULIO C. CABRERA
Sr. Programmer Analyst, Information Technology
Interval International
6262 Sunset Drive o Miami, Florida 33143
305.666.1861, ext. 7287 o direct 305.925.7287
cell 305.928.7925 o fax 305.668.3409
[[3]1]Julio.Cabrera@xxxxxxxxxxxxxxxx
IntervalWorld.com o ResortDeveloper.com
This electronic mail message is intended exclusively for the individual
or entity to which it is addressed. This message, together with any
attachment, may contain confidential and privileged information. Any
views, opinions or conclusions expressed in this message are those of
the individual sender and do not necessarily reflect the views of
Interval Leisure Group, Interval International, and their affiliates.
Any unauthorized review, use, printing, copying, retention, disclosure
or distribution is strictly prohibited. If you have received this
message in error, please immediately advise the sender by replying to
this email and delete all copies of this message. Thank you.
References
1. [4]mailto:Julio.Cabrera@xxxxxxxxxxxxxxxx
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
[5]http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
References
1. https:///
2. https:///
3. mailto:1]Julio.Cabrera@xxxxxxxxxxxxxxxx
4. mailto:Julio.Cabrera@xxxxxxxxxxxxxxxx
5. http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------