
RE: Example23



Scott,

I was able to get it done.  I substituted the URL for the Web Service I am trying to connect to and everything fell into place.

Thanks for your response and all of this amazing stuff that you do.

I hope you are well soon.

Danny Hayes | Sr JDE Developer - IT | 813 901-2150 x133154

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott Klement
Sent: Thursday, February 18, 2016 11:37 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: Example23

Danny,

Server Name Indication (SNI) is not available on V5R4.  Therefore, you will get the "identifier not valid" messages.  However, this is not a fatal error, it will continue without SNI support, which is only used rarely.

The problem you should be looking into, however, is the "Connection was reset" errors.  These indicate that you are connecting to another computer, but it is disconnecting you by sending back the "reset" flag. (A flag used under the covers to kill sessions that are deemed to be in error.)

As for EXAMPLE23, it needs to be updated. It is an old example that points to my former employer, and I doubt very much they still have my SSL test program online.  The purpose of EXAMPLE23 is to show you how to do much stricter and more secure validity checking in SSL, and it seems very ironic that you'd attempt to do that on V5R4, which doesn't support current versions of SSL.

As your log notes, V5R4 only supports TLS 1.0 and older.  TLS 1.1 and 1.2 are not available on that release.  This is a problem because many sites do not support TLS 1.0 any more since it is no longer deemed secure.  You will find that many sites cannot be used with SSL in V5R4 for this reason.  So it seems ironic to me that you'd try to include more security above and beyond the standard SSL checking.

It could be that simply updating to a system that supports TLS 1.1/1.2 would solve your problem?  I don't know, I'm only guessing here.  I would suggest that you try this from a system with TLS 1.1/1.2 (to your real server, not www.klements.com) and see if that solves the problem. If it does, you'll know that you need to update the original one where HTTPAPI is running to fix the problem.  If you don't have access to a newer system, let me know what the site is, and I'll try it myself.

-SK


On 2/15/2016 3:59 PM, Hayes, Daniel wrote:
>     Scott,
>
>
>     Trying to get our TLS (SSL) to function so I can do secured Web Service
>     calls.
>
>
>     I downloaded your new version and recompiled all, when I ran example23,
>     it did not work and I got the following in the
>
>
>     Log file in IFS:
>
>
>     OS/400 Ver V5R4M0
>
>
>     New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
>
>     http_long_ParseURL(): entered
>
>     http_url_get(): entered
>
>     http_persist_open(): entered
>
>     http_long_ParseURL(): entered
>
>     DNS resolver retrans: 2
>
>     DNS resolver retry  : 2
>
>     DNS resolver options: x'00000136'
>
>     DNS default domain: CCX.CARECENTRIX.COM
>
>     DNS server found: 10.230.102.37
>
>     DNS server found: 10.230.102.160
>
>     DNS server found: 10.230.200.36
>
>     https_init(): entered
>
>     QSSLPCL =
>
>     SSL version 2 support disabled
>
>     SSL version 3 support disabled
>
>     Old interface to TLS version 1.0 support enabled
>
>     Support for TLS 1.0 unavailable.
>
>     Support for TLS 1.1 unavailable.
>
>     Support for TLS 1.2 unavailable.
>
>     -----------------------------------------------------------------------
>     --------------
>
>     Dump of local-side certificate information:
>
>     -----------------------------------------------------------------------
>     --------------
>
>     Nagle's algorithm (TCP_NODELAY) disabled.
>
>     (GSKit) Identifier value is not valid.
>
>     ssl_error(701): (GSKit) Identifier value is not valid.
>
>     SNI hostname error: (GSKit) Identifier value is not valid.
>
>     NOTE: SNI errors are not usually fatal.
>
>     (GSKit) I/O: A connection with a remote socket was reset by that
>     socket.
>
>     ssl_error(406): (GSKit) I/O: A connection with a remote socket was
>     reset by that socket.
>
>     SetError() #30: SSL Handshake: (GSKit) I/O: A connection with a remote
>     socket was reset by that
>
>
>     I am very new to this, but to me it appears I have multiple issues.
>
>
>     I am not sure which way to go.
>
>
>     TIA,
>
>
>
>     Daniel E. `Danny' Hayes
>
>     Senior JD Edwards Developer
>
>     813 901-2150   x133154
>
>     9119 Corporate Lake Drive | Tampa Florida 33634 |
>     www.carecentrix.com
>

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
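
Added example, not part of the original messages and not HTTPAPI code: a Python triage of the debug log quoted in this thread. It separates the non-fatal SNI message from the handshake reset and lists the TLS versions the log reports. The function name `triage` and the report keys are assumptions; the sample lines are an excerpt of the log above.

```python
import re

# Excerpt of the debug log quoted in this thread (mail line wrap kept on purpose).
SAMPLE_LOG = """\
OS/400 Ver V5R4M0
SSL version 3 support disabled
Old interface to TLS version 1.0 support enabled
Support for TLS 1.0 unavailable.
Support for TLS 1.1 unavailable.
Support for TLS 1.2 unavailable.
ssl_error(701): (GSKit) Identifier value is not valid.
SNI hostname error: (GSKit) Identifier value is not valid.
NOTE: SNI errors are not usually fatal.
ssl_error(406): (GSKit) I/O: A connection with a remote socket was
reset by that socket.
"""

def triage(log_text):
    """Summarise a debug log: release, TLS versions, non-fatal and fatal SSL errors."""
    # Strip mail quote markers ("> ") and blank lines, then join the rest so
    # that messages wrapped across two lines can be matched as one string.
    lines = [re.sub(r"^[>\s]+", "", l).rstrip() for l in log_text.splitlines()]
    flat = " ".join(l for l in lines if l)

    release = re.search(r"OS/400 Ver (V\dR\dM\d)", flat)
    enabled = ["TLS " + v for v in
               re.findall(r"TLS version (\d\.\d) support enabled", flat)]
    report = {
        "release": release.group(1) if release else None,
        "tls_enabled": enabled,
        "tls_unavailable": re.findall(r"Support for (TLS \d\.\d) unavailable", flat),
        # True when neither TLS 1.1 nor TLS 1.2 is reported as enabled.
        "legacy_tls_only": not any(v in ("TLS 1.1", "TLS 1.2") for v in enabled),
        "nonfatal": [],
        "fatal": [],
    }
    for code, msg in re.findall(r"ssl_error\((\d+)\): (.*?\.)(?=\s|$)", flat):
        # An error the log repeats as "SNI hostname error" is the SNI case,
        # which the log itself marks as not usually fatal.
        if "SNI hostname error: " + msg in flat:
            report["nonfatal"].append((code, msg))
        else:
            report["fatal"].append((code, msg))
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
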
