
AW: Difference Version 1.24 and 1.32



Hello Scott,

Unfortunately this change didn't make it work: I get the same error, although I used your https_init advice and set all the parameters:

HTTPAPI Ver 1.32 released 2016-02-10
NTLM Ver 1.4.0 released 2014-12-22
OS/400 Ver V7R1M0

New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
http_setauth(): entered
https_init(): entered
QSSLPCL = *OPSYS
SSL version 2 support disabled
SSL version 3 support enabled
Old interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
-------------------------------------------------------------------------------------
Dump of local-side certificate information:
-------------------------------------------------------------------------------------
http_url_post(): entered
http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry  : 2
DNS resolver options: x'00000136'
DNS default domain: eb.lan.at
DNS server found: 10.3.42.1
DNS server found: 10.3.42.2
Nagle's algorithm (TCP_NODELAY) disabled.
SNI hostname set to: app-proxy.eb.lan.at
(GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch formatiert.
ssl_error(415): (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch formatiert.
SetError() #30: SSL Handshake: (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch f


Any more ideas that could help me?
Thanks a lot, Alexander

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott Klement
Sent: Friday, 2 September 2016 06:06
To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Difference Version 1.24 and 1.32

Alexander,

In version 1.26 and later, I changed HTTPAPI so that SSL version 3 is disabled by default. This was done because major security vulnerabilities were found in that version of the protocol, and security experts were warning that continued use of SSLv3 was not safe.

Could this be the problem?  Does the site you're accessing require SSLv3?

If so, you can tell HTTPAPI to use SSLv3 by calling https_init() before using SSL in your program.  For example:

https_init(*blanks: *OFF: *ON: *ON: *ON: *ON);

The 3rd parameter (the first *ON in the example above) controls whether
SSLv3 is enabled.  By default this is *OFF.

Good luck!


On 9/1/2016 7:45 AM, Alexander Grünwald wrote:
>     Hello !!
>
>     I am actually struggling with proxy access and tried to use a later
>     version 1.32 instead of the 1.24 I am still using in production. Using
>     the same program and access with version 1.24 works fine (see debug log
>     below):
>
>
>     HTTPAPI Ver 1.24 released 2012-01-23
>
>     OS/400 Ver V7R1M0
>
>
>     New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
>
>     http_setauth(): entered
>
>     https_init(): entered
>
>     -------------------------------------------------------------------------------------
>
>     Dump of local-side certificate information:
>
>     -------------------------------------------------------------------------------------
>
>     http_url_post(): entered
>
>     http_persist_open(): entered
>
>     http_long_ParseURL(): entered
>
>     DNS resolver retrans: 2
>
>     DNS resolver retry  : 2
>
>     DNS resolver options: x'00000136'
>
>     DNS default domain: eb.lan.at
>
>     DNS server found: 10.3.42.1
>
>     DNS server found: 10.3.42.2
>
>     -------------------------------------------------------------------------------------
>
>     Dump of server-side certificate information:
>
>     -------------------------------------------------------------------------------------
>
>     Cert Validation Code = 0
>
>     -----BEGIN CERTIFICATE-----
>
>     ....
>
>     -----END CERTIFICATE-----
>
>     Serial Number: 41:C2:BA:71:14:31:28:E4:16:34:1B:64:23:2A:44:42
>
>     Common Name: secure.armstrongconsulting.com
>
>     Org: Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html
>
>     Issuer CN: Thawte DV SSL CA
>
>     Issuer Country: US
>
>     Issuer Org: Thawte, Inc.
>
>     Issuer Org Unit: Domain Validated SSL
>
>     Version: 3
>
>     not before: 20140505020000
>
>     Unknown Field: 02:00:00 05-05-2014
>
>     not after: 20170508015959
>
>     Unknown Field: 01:59:59 08-05-2017
>
>     pub key alg: 1.2.840.113549.1.1.5
>
>
>     Protocol Used: TLS Version 1
>
>     http_persist_post(): entered
>
>     http_persist_req(POST) entered.
>
>     http_long_ParseURL(): entered
>
>     do_oper(POST): entered
>
>     There are 0 cookies in the cache
>
>     POST /cofaserve/api/webservices/test/V2/insurancePortfolio HTTP/1.1
>
>     Host: app-proxy.eb.lan.at:10071
>
>     User-Agent: SOAP Toolkit 3.0
>
>     Content-Type: text/xml; charset="UTF-8"
>
>     SOAPAction: https://cofaserve.coface.com/insuranceProducts/V1/companySearch
>
>     Content-Length: 812
>
>     Authorization: Basic Q0cxNjAxMzA6Nzc4OTEy
>
>
>
>     senddoc(): entered
>
>     .....
>
>
>     recvresp(): entered
>
>     HTTP/1.1 200 OK
>
>     Date: Thu, 01 Sep 2016 12:44:08 GMT
>
>     Server: Werkzeug/0.11.4 Python/2.7.11
>
>     Content-Type: text/xml; charset=utf-8
>
>     Content-Length: 1417
>
>     Via: 1.1 secure.armstrongconsulting.com:10071
>
>     Vary: Accept-Encoding
>
>
>
>     SetError() #13: HTTP/1.1 200 OK
>
>     recvresp(): end with 200
>
>     recvdoc parms: identity 1417
>
>     header_load_cookies() entered
>
>     recvdoc(): entered
>
>     SetError() #0:
>
>     ....
>
>
>     http_close(): entered
>
>
>     Only changing the library to version 1.32 (changing my BndDir statement
>     and the /copy modules) doesn't work. What might be the difference that
>     leads to this ?:
>
>
>     HTTPAPI Ver 1.32 released 2016-02-10
>
>     NTLM Ver 1.4.0 released 2014-12-22
>
>     OS/400 Ver V7R1M0
>
>
>     New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
>
>     http_setauth(): entered
>
>     https_init(): entered
>
>     QSSLPCL = *OPSYS
>
>     SSL version 2 support disabled
>
>     SSL version 3 support disabled
>
>     Old interface to TLS version 1.0 support enabled
>
>     TLS version 1.0 support enabled
>
>     TLS version 1.1 support enabled
>
>     TLS version 1.2 support enabled
>
>     -------------------------------------------------------------------------------------
>
>     Dump of local-side certificate information:
>
>     -------------------------------------------------------------------------------------
>
>     http_url_post(): entered
>
>     http_persist_open(): entered
>
>     http_long_ParseURL(): entered
>
>     DNS resolver retrans: 2
>
>     DNS resolver retry  : 2
>
>     DNS resolver options: x'00000136'
>
>     DNS default domain: eb.lan.at
>
>     DNS server found: 10.3.42.1
>
>     DNS server found: 10.3.42.2
>
>     Nagle's algorithm (TCP_NODELAY) disabled.
>
>     SNI hostname set to: app-proxy.eb.lan.at
>
>     (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch formatiert.
>
>     ssl_error(415): (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch formatiert.
>
>     SetError() #30: SSL Handshake: (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch f
>
>
>     Just translating: "(GSKit) Peer not recognized or badly formatted
>     message received"
>
>
>     Thanks a lot for the support.
>
>
>     Mit freundlichen Grüßen/Best regards Mag. Alexander Grünwald
>
>
>     Geschäftsführer/Projektmanagement
>
>     SOB Datenverarbeitungsges.m.b.H.
>
>     Albrechtstraße 60/9
>
>     A-3400 Klosterneuburg
>
>
>     Tel. +43/2243/37201
>
>     Fax. +43/2243/37201/5
>
>     Mail: alexander.gruenwald@xxxxxxxxxxx
>
>
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------


-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
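
An added example, not part of the original posts and not HTTPAPI code: a Python script that pulls the TLS-relevant lines out of the two debug logs quoted in this thread and lists what differs between the working and the failing run, including any legacy SSL protocol left enabled. The log excerpts are abbreviated from the thread; the names `parse_log` and `review` are made up for this example.

```python
import re

# Abbreviated excerpts of the two HTTPAPI debug logs quoted in this thread.
LOG_124 = """\
HTTPAPI Ver 1.24 released 2012-01-23
Protocol Used: TLS Version 1
"""
LOG_132 = """\
HTTPAPI Ver 1.32 released 2016-02-10
SSL version 2 support disabled
SSL version 3 support enabled
Old interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.2 support enabled
SNI hostname set to: app-proxy.eb.lan.at
ssl_error(415): (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch formatiert.
"""
PROTO = re.compile(r"^(SSL|TLS) version ([\d.]+) support (enabled|disabled)$")

def parse_log(text):
    """Pull the TLS-relevant facts out of one HTTPAPI debug log."""
    info = {"version": None, "offered": {}, "sni": None, "negotiated": None, "ssl_error": None}
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"HTTPAPI Ver (\S+)", line):
            info["version"] = m.group(1)
        elif m := PROTO.match(line):
            info["offered"][f"{m.group(1)} {m.group(2)}"] = m.group(3) == "enabled"
        elif m := re.match(r"SNI hostname set to: (\S+)", line):
            info["sni"] = m.group(1)
        elif m := re.match(r"Protocol Used: (.+)", line):
            info["negotiated"] = m.group(1)
        elif m := re.match(r"ssl_error\((\d+)\)", line):
            info["ssl_error"] = int(m.group(1))
    return info

def review(working, failing):
    """Compare a working and a failing run; return plain-text findings."""
    out = []
    weak = [p for p, on in failing["offered"].items() if on and p.startswith("SSL")]
    if weak:
        out.append(f"legacy protocol offered: {', '.join(weak)}")
    if working["negotiated"] and not working["negotiated"].startswith("SSL"):
        out.append(f"working run negotiated {working['negotiated']}, not SSLv3")
    if failing["sni"] and not working["sni"]:
        out.append(f"only the failing run logs SNI ({failing['sni']})")
    if failing["ssl_error"] is not None:
        out.append(f"handshake failed with ssl_error {failing['ssl_error']}")
    return out

if __name__ == "__main__":
    print("\n".join(review(parse_log(LOG_124), parse_log(LOG_132))))
```

The findings only report what the logs show; they do not identify the cause of the handshake failure.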