Re: AW: Difference Version 1.24 and 1.32

[Scott Klement <sk@xxxxxxxxxxxxxxxx>]

Alexander,

You are getting an SSL/TLS error saying that it doesn't understand the 
format of the message.  This is the only change that was made to SSL/TLS 
in HTTPAPI.    Are you certain that you didn't make any changes between 
version 1.24 and 1.32?   Is there any changes to the networking, digital 
certificate manager, or the host/port you are connecting to?

-SK


On 9/4/2016 12:43 PM, Alexander Grünwald wrote:
> Hello Scott,
>
> unfortunately this change didn´t make it work: I get the same error,although  I used your https_init advice and set all the parameters:
>
> HTTPAPI Ver 1.32 released 2016-02-10
> NTLM Ver 1.4.0 released 2014-12-22
> OS/400 Ver V7R1M0
>
> New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
> http_setauth(): entered
> https_init(): entered
> QSSLPCL = *OPSYS
> SSL version 2 support disabled
> SSL version 3 support enabled
> Old interface to TLS version 1.0 support enabled
> TLS version 1.0 support enabled
> TLS version 1.1 support enabled
> TLS version 1.2 support enabled
> -------------------------------------------------------------------------------------
> Dump of local-side certificate information:
> -------------------------------------------------------------------------------------
> http_url_post(): entered
> http_persist_open(): entered
> http_long_ParseURL(): entered
> DNS resolver retrans: 2
> DNS resolver retry  : 2
> DNS resolver options: x'00000136'
> DNS default domain: eb.lan.at
> DNS server found: 10.3.42.1
> DNS server found: 10.3.42.2
> Nagle's algorithm (TCP_NODELAY) disabled.
> SNI hostname set to: app-proxy.eb.lan.at
> (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch formatiert.
> ssl_error(415): (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch formatiert.
> SetError() #30: SSL Handshake: (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch f
>
>
> Any more ideas that could help me?
> Thanks a lot, Alexander
>
> -----Ursprüngliche Nachricht-----
> Von: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] Im Auftrag von Scott Klement
> Gesendet: Freitag, 2. September 2016 06:06
> An: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
> Betreff: Re: Difference Version 1.24 and 1.32
>
> Alexander,
>
> In version 1.26 and later, I changed  HTTPAPI so that SSL version 3 is
> disabled by default.   This was done because major security
> vulnerabilities were found in that version of the protocol, and security experts were warning that continued use of SSLv3 was not safe.
>
> Could this be the problem?  Does the site you're accessing require SSLv3?
>
> If so, you can tell HTTPAPI to use SSLv3 by calling https_init() before using SSL in your program.  For example:
>
> https_init(*blanks: *OFF: *ON: *ON: *ON: *ON);
>
> The 3rd parameter (the first *ON in the example above) controls whether
> SSLv3 is enabled.  By default this is *OFF.
>
> Good luck!
>
>
> On 9/1/2016 7:45 AM, Alexander Grünwald wrote:
> >      Hello !!
> >
> >      I am actually struggeling with proxy access and tried to use a later
> >      version 1.32 instead of the 1.24 I am still using in production. Using
> >      the same program and access with version 1.24 works fine (see debug log
> >      below):
> >
> >
> >      HTTPAPI Ver 1.24 released 2012-01-23
> >
> >      OS/400 Ver V7R1M0
> >
> >
> >      New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819.
> > ProtLoc=0
> >
> >      http_setauth(): entered
> >
> >      https_init(): entered
> >
> >      -----------------------------------------------------------------------
> >      --------------
> >
> >      Dump of local-side certificate information:
> >
> >      -----------------------------------------------------------------------
> >      --------------
> >
> >      http_url_post(): entered
> >
> >      http_persist_open(): entered
> >
> >      http_long_ParseURL(): entered
> >
> >      DNS resolver retrans: 2
> >
> >      DNS resolver retry  : 2
> >
> >      DNS resolver options: x'00000136'
> >
> >      DNS default domain: eb.lan.at
> >
> >      DNS server found: 10.3.42.1
> >
> >      DNS server found: 10.3.42.2
> >
> >      -----------------------------------------------------------------------
> >      --------------
> >
> >      Dump of server-side certificate information:
> >
> >      -----------------------------------------------------------------------
> >      --------------
> >
> >      Cert Validation Code = 0
> >
> >      -----BEGIN CERTIFICATE-----
> >
> >      ....
> >
> >      -----END CERTIFICATE-----
> >
> >      Serial Number: 41:C2:BA:71:14:31:28:E4:16:34:1B:64:23:2A:44:42
> >
> >      Common Name: secure.armstrongconsulting.com
> >
> >      Org: Domain Validated, OU=Thawte SSL123 certificate, OU=Go to
> >      https://www.thawte.com/repository/index.html
> >
> >      Issuer CN: Thawte DV SSL CA
> >
> >      Issuer Country: US
> >
> >      Issuer Org: Thawte, Inc.
> >
> >      Issuer Org Unit: Domain Validated SSL
> >
> >      Version: 3
> >
> >      not before: 20140505020000
> >
> >      Unknown Field: 02:00:00 05-05-2014
> >
> >      not after: 20170508015959
> >
> >      Unknown Field: 01:59:59 08-05-2017
> >
> >      pub key alg: 1.2.840.113549.1.1.5
> >
> >
> >      Protocol Used: TLS Version 1
> >
> >      http_persist_post(): entered
> >
> >      http_persist_req(POST) entered.
> >
> >      http_long_ParseURL(): entered
> >
> >      do_oper(POST): entered
> >
> >      There are 0 cookies in the cache
> >
> >      POST /cofaserve/api/webservices/test/V2/insurancePortfolio
> > HTTP/1.1
> >
> >      Host: app-proxy.eb.lan.at:10071
> >
> >      User-Agent: SOAP Toolkit 3.0
> >
> >      Content-Type: text/xml; charset="UTF-8"
> >
> >      SOAPAction:
> >      https://cofaserve.coface.com/insuranceProducts/V1/companySearch
> >
> >      Content-Length: 812
> >
> >      Authorization: Basic Q0cxNjAxMzA6Nzc4OTEy
> >
> >
> >
> >      senddoc(): entered
> >
> >      .....
> >
> >
> >      recvresp(): entered
> >
> >      HTTP/1.1 200 OK
> >
> >      Date: Thu, 01 Sep 2016 12:44:08 GMT
> >
> >      Server: Werkzeug/0.11.4 Python/2.7.11
> >
> >      Content-Type: text/xml; charset=utf-8
> >
> >      Content-Length: 1417
> >
> >      Via: 1.1 secure.armstrongconsulting.com:10071
> >
> >      Vary: Accept-Encoding
> >
> >
> >
> >      SetError() #13: HTTP/1.1 200 OK
> >
> >      recvresp(): end with 200
> >
> >      recvdoc parms: identity 1417
> >
> >      header_load_cookies() entered
> >
> >      recvdoc(): entered
> >
> >      SetError() #0:
> >
> >      ....
> >
> >
> >      http_close(): entered
> >
> >
> >      Only changing the library to version 1.32 (changing my BndDir statement
> >      and the /copy modules) doesn´t work. What might be the difference that
> >      leads to this ?:
> >
> >
> >      HTTPAPI Ver 1.32 released 2016-02-10
> >
> >      NTLM Ver 1.4.0 released 2014-12-22
> >
> >      OS/400 Ver V7R1M0
> >
> >
> >      New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819.
> > ProtLoc=0
> >
> >      http_setauth(): entered
> >
> >      https_init(): entered
> >
> >      QSSLPCL = *OPSYS
> >
> >      SSL version 2 support disabled
> >
> >      SSL version 3 support disabled
> >
> >      Old interface to TLS version 1.0 support enabled
> >
> >      TLS version 1.0 support enabled
> >
> >      TLS version 1.1 support enabled
> >
> >      TLS version 1.2 support enabled
> >
> >      -----------------------------------------------------------------------
> >      --------------
> >
> >      Dump of local-side certificate information:
> >
> >      -----------------------------------------------------------------------
> >      --------------
> >
> >      http_url_post(): entered
> >
> >      http_persist_open(): entered
> >
> >      http_long_ParseURL(): entered
> >
> >      DNS resolver retrans: 2
> >
> >      DNS resolver retry  : 2
> >
> >      DNS resolver options: x'00000136'
> >
> >      DNS default domain: eb.lan.at
> >
> >      DNS server found: 10.3.42.1
> >
> >      DNS server found: 10.3.42.2
> >
> >      Nagle's algorithm (TCP_NODELAY) disabled.
> >
> >      SNI hostname set to: app-proxy.eb.lan.at
> >
> >      (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch
> >      formatiert.
> >
> >      ssl_error(415): (GSKit) Peer hat empfangene Nachricht nicht erkannt
> >      oder falsch formatiert.
> >
> >      SetError() #30: SSL Handshake: (GSKit) Peer hat empfangene Nachricht
> >      nicht erkannt oder falsch f
> >
> >
> >      Just translating: "(GSKit) Peer not recognized or badly fomratted
> >      message received"
> >
> >
> >      Thanks a lot for the support.
> >
> >
> >      Mit freundlichen Grüßen/Best regards Mag. Alexander Grünwald
> >
> >
> >      Geschäftsführer/Projektmanagement
> >
> >      SOB Datenverarbeitungsges.m.b.H.
> >
> >      Albrechtstraße 60/9
> >
> >      A-3400 Klosterneuburg
> >
> >
> >      Tel. +43/2243/37201
> >
> >      Fax. +43/2243/37201/5
> >
> >      Mail: [1]alexander.gruenwald@xxxxxxxxxxx
> >
> > References
> >
> >      1. mailto:alexander.gruenwald@xxxxxxxxxxx

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------