[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: WSDL2RPG Equivalent of HTTPS_INIT
Thanks Scott,
I emailed Tony (our LAN director) to see if this rings a bell with him.
He did email me a screen shot for the cert we're using (see below). I'm
not sure if both *PGM and Define options can be checked (or if it's
"either/or"), as I've never used this.
[cid:image001.png@01D16E12.85D042A0]
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott
Klement
Sent: Tuesday, February 23, 2016 3:13 AM
To: HTTPAPI and FTPAPI Projects
Subject: Re: WSDL2RPG Equivalent of HTTPS_INIT
Ted,
This error ("Peer not recognized or badly formatted message") means
that the SSL code does not understand the data that it's receiving from
the server.
It could mean that the server is not sending SSL data. Or it could
mean that the server is using a version of SSL/TLS that you do not have
enabled on your system, or something similar to that.
-SK
On 2/22/2016 3:13 PM, Hammack, Ted wrote:
> Well, I'm getting a different error now (which is a form of progress,
I guess)...
>
> 30: SSL Handshake: (GSKit) Peer not recognized or badly formatted
message received.
>
> I used the Application ID name that appears in DCM. The variables
are defined as follows (should they be defined differently?)...
>
> D rc S 10I 0 inz
> D app_id S 100A varying
>
>
> app_id = 'CMPWSAPIPORT';
> rc = https_init(app_id);
>
> Is there a field value that I can view in debug that might give me
> more info as to what it didn't like? All I'm able to see are the
> resulting values of CMPWSApiPort_HttpError_getCode() and
> CMPWSApiPort_HttpError_getText()
>
> -----Original Message-----
> From: [1]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
> [[2]mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Thomas
> Raddatz
> Sent: Monday, February 22, 2016 3:36 PM
> To: HTTPAPI and FTPAPI Projects
> Subject: RE: WSDL2RPG Equivalent of HTTPS_INIT
>
> No, it cannot be the prefix of the procedure names of the generated
module.
> Actually that is something Scott should be able to answer. I assume
that somebody assigned an application id to the certificates when he
registered the client certificates in the cert manager.
>
> I cannot be more specific, because I never used client certificates.
>
> Sorry,
>
> Thomas.
>
> Gesendet mit AquaMail für Android
> [3]http://www.aqua-mail.com
>
>
> Am 22. Februar 2016 9:15:57 nachm. schrieb "Hammack, Ted"
> <[4]thammack@xxxxxxxxxxx>:
>
>> Is it simply the prefix portion of the names that appear for the
procedures?
>>
>> Ex:
>> CMPWSApiPort_OnlineTrans
>> CMPWSApiPort_Port_initialize
>> CMPWSApiPort_Port_getHttpProxy
>> Etc
>>
>> ie:
>>
>> app_id = ' CMPWSApiPort';
>> rc = https_init(app_id);
>>
>> Let me know, thx.
>>
>> -----Original Message-----
>> From: [5]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
>> [[6]mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Thomas
>> Raddatz
>> Sent: Monday, February 22, 2016 2:47 PM
>> To: HTTPAPI and FTPAPI Projects
>> Subject: Re: WSDL2RPG Equivalent of HTTPS_INIT
>>
>> Should be something like this (taken from EXAMPLE3):
>>
>> app_id = 'ACMEINC_HTTPAPI_EXAMPLE3';
>> rc = https_init(app_id);
>>
>> Thomas.
>>
>> Am 22.02.2016 um 20:35 schrieb Hammack, Ted:
>>> Ok, I'll look for it, thanks.
>>>
>>> Do you have sample code that shows what we should pass as a
>>> parameter in https_init?
>>>
>>> -----Original Message-----
>>> From: [7]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
>>> [[8]mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Thomas
>>> Raddatz
>>> Sent: Monday, February 22, 2016 2:27 PM
>>> To: HTTPAPI and FTPAPI Projects
>>> Subject: Re: WSDL2RPG Equivalent of HTTPS_INIT
>>>
>>> Ted,
>>>
>>> Please try to add http_init() right before WSDL2RPG calls
>>> http_url_post_raw2():
>>>
>>> https_init(...);
>>>
>>> dou (not HttpResponse_isAuthenticationError(http_rc));
>>> // Get document from server and handle http redirects
>>> // See also: WSDL2R88.HttpResponse_isRedirect()
>>> dou (not HttpResponse_isRedirect(http_rc));
>>> http_DebugLog_appendText(
>>> '** ' + %char(%timestamp()) + ': Sending request to
>>> server');
>>>
>>> http_rc =
>>> http_url_post_raw2(
>>> url
>>> : hInpStream
>>> :
%paddr('WSDL2R85_MessageContext_InputStream_read')
>>> : MessageContext_getSize(hMsgCtx)
>>> : 0
>>> : %paddr('HTTP_receiveResponse')
>>> : getTimeout()
>>> : getUserAgent()
>>> : '');
>>>
>>> if (HttpResponse_isRedirect(http_rc));
>>> url = http_redir_loc();
>>> hInpStream = reOpenInputStream(hMsgCtx: hInpStream);
>>> endif;
>>> enddo;
>>>
>>> You find http_url_post_raw2() in the generated WS_OPER module. It
is
>>> the module with the following header:
>>>
>>>
*================================================================
>>> * Generated by WSDL2RPG X.Y.Z / 19.04.2015
>>> * Built on Apr 19, 2015 (16:24:09)
>>> * Built for V7R2M0
>>> * Based on WS_OPER %VERSION% - %DATE%
>>>
>>> *================================================================
>>>
>>>
>>> Thomas.
>>>
>>> Am 22.02.2016 um 16:43 schrieb Hammack, Ted:
>>>> We are eagerly awaiting a reply from TR (with fingers crossed).
>>>>
>>>> I'm sure that publicly documented support on this specific item
>>>> would be a great help to others as well. It seems there is just
>>>> nothing out there on this. I'm guessing it's a simple fix too,
we'll see.
>>>>
>>>> Commercial support is not ruled out as a last resort, (since this
>>>> is a hot project that the higher-up keep asking for status updates
on).
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: [9]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
>>>> [[10]mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Scott
>>>> Klement
>>>> Sent: Monday, February 22, 2016 10:27 AM
>>>> To: HTTPAPI and FTPAPI Projects
>>>> Subject: WSDL2RPG Equivalent of HTTPS_INIT (was: RE: GSKit SSL
>>>> Handshake Error)
>>>>
>>>> Ted,
>>>>
>>>> In HTTPAPI, you associate your application with a profile in the
>>>> digital certificate manager by calling the https_init() routine to
set application ID.
>>>>
>>>> I don't know about WSDL2RPG, however, since this is not my tool.
If
>>>> you ever decided to use HTTPAPI directly instead of using WSDL2RPG
>>>> I could help you, I could offer you commercial support, I could
>>>> offer you consulting, etc. However, WSDL2RPG is not my tool, so
>>>> you need to get help from Thomas Raddatz or at least someone who
is familiar with it.
>>>>
>>>> I don't understand why Thomas isn't replying, since he is replying
>>>> to other posts on this list?
>>>>
>>>> -SK
>>>>
>>>>
>>>> -------- Forwarded Message --------
>>>> Subject: RE: GSKit SSL Handshake Error
>>>> Date: Mon, 22 Feb 2016 13:56:25 +0000
>>>> From: Hammack, Ted <[11]thammack@xxxxxxxxxxx>
>>>> Reply-To: HTTPAPI and FTPAPI Projects
<[12]ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
>>>> To: HTTPAPI and FTPAPI Projects
<[13]ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
>>>>
>>>>
>>>>
>>>> Ok, thanks Julius.
>>>>
>>>> I won't waste any more time trying to get axiscStubSetSecure to
>>>> work since I'm apparently barking up the wrong tree. It was the
>>>> only thing we could find an article for that related to this
specific error.
>>>>
>>>> What you said makes sense, since I couldn't find a routine with
the
>>>> name of Get_(ServiceName)_stub anywhere for the getStub prototype
>>>> in the example I was following. I was able to find the
>>>> ....._Port_supplyLoginData routine, which I successfully modified
>>>> (at least there was one article out there that talked about using
that one).
>>>>
>>>> I guess we'll just keep digging for an articles until we hear from
someone.
>>>> Unfortunately, there's not a lot out there.
>>>>
>>>> Tomas, we would gladly pay for one-on-one support time on this
one.
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: [14]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
>>>> [[15]mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Julius
>>>> Kaj
>>>> Sent: Monday, February 22, 2016 6:06 AM
>>>> To: 'HTTPAPI and FTPAPI Projects'
>>>> Subject: SV: GSKit SSL Handshake Error
>>>>
>>>> FWIW, I think you're mixing things up. The WSDL2RPG tool that
>>>> Thomas Raddatz has created generates a stub based on the use of
>>>> Scott Klement's HTTPAPI tool. That is a totally different product
than IBM's IWS client.
>>>>
>>>> To use a client-side certificate you can't call the
>>>> axiscStubSetSecure procedure, which is related to the IBM product.
>>>> You have to use the equivalent HTTPAPI procedure call instead.
>>>> You'll probably need to make some small changes to the generated
>>>> stub to do so. However, I think you'll need to get the attention
of
>>>> Thomas Raddatz. He will undoubtedly be able to point you to the
exact place where you have to make changes.
>>>>
>>>> Thomas is normally very good at spotting posts related to his
>>>> WSDL2RPG product and help people. So have faith and don't give up
just yet...
>>>> :-)
>>>>
>>>>
>>>> -----Oprindelig meddelelse-----
>>>> Fra: [16]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
>>>> [[17]mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] På vegne af
Hammack,
>>>> Ted
>>>> Sendt: 19. februar 2016 14:56
>>>> Til: HTTPAPI and FTPAPI Projects
>>>> Emne: RE: GSKit SSL Handshake Error
>>>>
>>>> Hi Scott, thanks for getting back to me on this.
>>>>
>>>> We have been told by First Data from day 1, that we need their
>>>> certificate to consume this web service. They provided us with the
>>>> client and root certs, and Tony installed the applicable cert on
>>>> the IBMi using DCM. In addition, I added the cert in SoapUI, and
>>>> have been able to successfully test the various functions in
SoapUI
>>>> (which did not work without their cert). Besides, it makes sense
>>>> that we need an SSL certificate based on the presence of HttpS in
the WSDL URL provided....
>>>>
>>>>
[18]https://merchanttest.ctexmloma.compass-xml.com:443/cmpwsapi/service
>>>> s
>>>>
>>>> After creating the stubs and services program using the newer
>>>> WSDL2RPG, I created the driver program WSFDMS001T, using the
>>>> command taken from Tom's article...
>>>>
>>>> WSDL2RPG URL('file:/home/hammat/order.wsdl')
>>>> SERVICE('CMPWSApiPort' 'OnlineTrans()')
>>>> SRCFILE(*LIBL/QWSDL2RPG) SRCMBR(WSFDMS001T *YES)
>>>> TYPE(*PGM) STUB(WSFDMS001) DIM(60) STRLEN(60)
>>>>
>>>> After stepping through debug in the driver program (just after the
>>>> OnlineRequest call) the http error message returned told me that I
>>>> needed to supply the username and password (which First Data also
gave to us).
>>>> After adding this in the ...Port_supplyLoginData routine in the
>>>> service program, the error went away, and was replaced by the
GSKit
>>>> SSL Handshake error.
>>>>
>>>> We are now trying to get past this with a call to
>>>> axiscStubSetSecure (based on the article below). However, I'm
>>>> having trouble finding what generated name (routine) to point to
for the getStub prototype.
>>>>
>>>> [19]http://www-01.ibm.com/support/docview.wss?uid=nas8N1011196
>>>>
>>>> We have come so far with this, and are so close. Is there any
other
>>>> (more
>>>> suitable) forum we should be posting to?
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: [20]ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
>>>> [[21]mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of
Scott
>>>> Klement
>>>> Sent: Thursday, February 18, 2016 11:15 PM
>>>> To: HTTPAPI and FTPAPI Projects
>>>> Subject: Re: GSKit SSL Handshake Error
>>>>
>>>> Hi Ted,
>>>>
>>>> It's unclear why you would need a certificate assigned to your
>>>> application? Can you explain the requirements, here? The
most
>>>> common scenario for a client-side application is to NOT use a
certificate.
>>>> Normally, only server applications need certificates (in
>>>> like 95% of the cases.) Unless you are referring to a CA
Certificate?
>>>> That's a different matter.
>>>>
>>>> If what you're looking for is a CA Certificate, then i wonder why
>>>> you'd like to associate it with an application?
>>>>
>>>> If you do need client-side certificates, I could tell you how to
>>>> configure them in HTTPAPI, but I cannot tell you how to do so in
>>>> WSDL2RPG, as that is not my project, and I am not familiar with
it.
>>>>
>>>> Thomas Raddatz is usually a frequent participant on this mailing
list.
>>>> Usually his responses (as well as others here) are very good and
>>>> frequent, but there are no guarantees because this is "community
>>>> support" on an "open source" project. HTTPAPI also offers
>>>> commercial support and consulting, but I do not know whether
WSDL2RPG offers the same.
>>>>
>>>> -SK
>>>>
>>>> On 2/12/2016 8:24 AM, Hammack, Ted wrote:
>>>>> We recently used a newer version of WSDL2RPG (developed by
Thomas
>>>>> Raddatz) to create stubs and service programs for a fairly
complex WSDL
>>>>> (a WSDL that the IBM told us could not be processed by their
IWS client
>>>>> tool due to the presence of "complex content extensions").
>>>>>
>>>>>
>>>>>
>>>>> We now have a driver program set up to consume the service.
Immediately
>>>>> after executing the OnlineTransRequest, we get an
HttpError_getCode
>>>>> return value of 30 and an HttpError_getText value that
reads...
>>>>>
>>>>>
>>>>>
>>>>> "(GSKit) No certificate is available for SSL processing"
>>>>>
>>>>>
>>>>>
>>>>> Our LAN director says that he already installed the
certificate using
>>>>> IBM's Digital Certificate Manager. Is there something else
that we need
>>>>> to do that will allow us to link the program to the cert?
(is there a
>>>>> built-in function that handles this in RPG?)
>>>>>
>>>>>
>>>>>
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
[22]http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
References
1. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
2. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
3. http://www.aqua-mail.com/
4. mailto:thammack@xxxxxxxxxxx
5. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
6. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
7. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
8. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
9. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
10. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
11. mailto:thammack@xxxxxxxxxxx
12. mailto:ftpapi@xxxxxxxxxxxxxxxxxxxxxx
13. mailto:ftpapi@xxxxxxxxxxxxxxxxxxxxxx
14. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
15. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
16. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
17. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
18. https://merchanttest.ctexmloma.compass-xml.com/cmpwsapi/service
19. http://www-01.ibm.com/support/docview.wss?uid=nas8N1011196
20. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
21. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
22. http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------