AW: AW: Difference Version 1.24 and 1.32
Hi Scott,
Today I tested again and ensured that I have a working copy of V1.24 and could make all necessary changes to 1.32. Now it worked as explained by you.
Thanks for support.
I will probably come back with a new proxy question, but will have to set up the test cases based on the latest available version.
Mit freundlichen Grüßen/Best regards Mag. Alexander Grünwald
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On behalf of Scott Klement
Sent: Monday, 05 September 2016 08:45
To: HTTPAPI and FTPAPI Projects
Subject: Re: AW: Difference Version 1.24 and 1.32
Alexander,
You are getting an SSL/TLS error saying that it doesn't understand the format of the message. This is the only change that was made to SSL/TLS in HTTPAPI. Are you certain that you didn't make any changes between version 1.24 and 1.32? Are there any changes to the networking, digital certificate manager, or the host/port you are connecting to?
-SK
On 9/4/2016 12:43 PM, Alexander Grünwald wrote:
> Hello Scott,
>
> Unfortunately this change didn't make it work: I get the same error, although I used your https_init advice and set all the parameters:
>
> HTTPAPI Ver 1.32 released 2016-02-10
> NTLM Ver 1.4.0 released 2014-12-22
> OS/400 Ver V7R1M0
>
> New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0
> http_setauth(): entered
> https_init(): entered
> QSSLPCL = *OPSYS
> SSL version 2 support disabled
> SSL version 3 support enabled
> Old interface to TLS version 1.0 support enabled
> TLS version 1.0 support enabled
> TLS version 1.1 support enabled
> TLS version 1.2 support enabled
> -------------------------------------------------------------------------------------
> Dump of local-side certificate information:
> -------------------------------------------------------------------------------------
> http_url_post(): entered
> http_persist_open(): entered
> http_long_ParseURL(): entered
> DNS resolver retrans: 2
> DNS resolver retry : 2
> DNS resolver options: x'00000136'
> DNS default domain: eb.lan.at
> DNS server found: 10.3.42.1
> DNS server found: 10.3.42.2
> Nagle's algorithm (TCP_NODELAY) disabled.
> SNI hostname set to: app-proxy.eb.lan.at
> (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch formatiert.
> ssl_error(415): (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch formatiert.
> SetError() #30: SSL Handshake: (GSKit) Peer hat empfangene Nachricht
> nicht erkannt oder falsch f
>
>
> Any more ideas that could help me?
> Thanks a lot, Alexander
>
> -----Original Message-----
> From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
> [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On behalf of Scott
> Klement
> Sent: Friday, 2 September 2016 06:06
> To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: Difference Version 1.24 and 1.32
>
> Alexander,
>
> In version 1.26 and later, I changed HTTPAPI so that SSL version 3 is
> disabled by default. This was done because major security
> vulnerabilities were found in that version of the protocol, and security experts were warning that continued use of SSLv3 was not safe.
>
> Could this be the problem? Does the site you're accessing require SSLv3?
>
> If so, you can tell HTTPAPI to use SSLv3 by calling https_init() before using SSL in your program. For example:
>
> https_init(*blanks: *OFF: *ON: *ON: *ON: *ON);
>
> The 3rd parameter (the first *ON in the example above) controls
> whether SSLv3 is enabled. By default this is *OFF.
>
> Good luck!
>
>
> On 9/1/2016 7:45 AM, Alexander Grünwald wrote:
>> Hello !!
>>
>> I am actually struggling with proxy access and tried to use a later
>> version 1.32 instead of the 1.24 I am still using in production. Using
>> the same program and access with version 1.24 works fine (see debug log
>> below):
>>
>>
>> HTTPAPI Ver 1.24 released 2012-01-23
>>
>> OS/400 Ver V7R1M0
>>
>>
>> New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819.
>> ProtLoc=0
>>
>> http_setauth(): entered
>>
>> https_init(): entered
>>
>> -----------------------------------------------------------------------
>> --------------
>>
>> Dump of local-side certificate information:
>>
>> -----------------------------------------------------------------------
>> --------------
>>
>> http_url_post(): entered
>>
>> http_persist_open(): entered
>>
>> http_long_ParseURL(): entered
>>
>> DNS resolver retrans: 2
>>
>> DNS resolver retry : 2
>>
>> DNS resolver options: x'00000136'
>>
>> DNS default domain: eb.lan.at
>>
>> DNS server found: 10.3.42.1
>>
>> DNS server found: 10.3.42.2
>>
>> -----------------------------------------------------------------------
>> --------------
>>
>> Dump of server-side certificate information:
>>
>> -----------------------------------------------------------------------
>> --------------
>>
>> Cert Validation Code = 0
>>
>> -----BEGIN CERTIFICATE-----
>>
>> ....
>>
>> -----END CERTIFICATE-----
>>
>> Serial Number: 41:C2:BA:71:14:31:28:E4:16:34:1B:64:23:2A:44:42
>>
>> Common Name: secure.armstrongconsulting.com
>>
>> Org: Domain Validated, OU=Thawte SSL123 certificate, OU=Go to
>> https://www.thawte.com/repository/index.html
>>
>> Issuer CN: Thawte DV SSL CA
>>
>> Issuer Country: US
>>
>> Issuer Org: Thawte, Inc.
>>
>> Issuer Org Unit: Domain Validated SSL
>>
>> Version: 3
>>
>> not before: 20140505020000
>>
>> Unknown Field: 02:00:00 05-05-2014
>>
>> not after: 20170508015959
>>
>> Unknown Field: 01:59:59 08-05-2017
>>
>> pub key alg: 1.2.840.113549.1.1.5
>>
>>
>> Protocol Used: TLS Version 1
>>
>> http_persist_post(): entered
>>
>> http_persist_req(POST) entered.
>>
>> http_long_ParseURL(): entered
>>
>> do_oper(POST): entered
>>
>> There are 0 cookies in the cache
>>
>> POST /cofaserve/api/webservices/test/V2/insurancePortfolio
>> HTTP/1.1
>>
>> Host: app-proxy.eb.lan.at:10071
>>
>> User-Agent: SOAP Toolkit 3.0
>>
>> Content-Type: text/xml; charset="UTF-8"
>>
>> SOAPAction:
>> https://cofaserve.coface.com/insuranceProducts/V1/companySearch
>>
>> Content-Length: 812
>>
>> Authorization: Basic Q0cxNjAxMzA6Nzc4OTEy
>>
>>
>>
>> senddoc(): entered
>>
>> .....
>>
>>
>> recvresp(): entered
>>
>> HTTP/1.1 200 OK
>>
>> Date: Thu, 01 Sep 2016 12:44:08 GMT
>>
>> Server: Werkzeug/0.11.4 Python/2.7.11
>>
>> Content-Type: text/xml; charset=utf-8
>>
>> Content-Length: 1417
>>
>> Via: 1.1 secure.armstrongconsulting.com:10071
>>
>> Vary: Accept-Encoding
>>
>>
>>
>> SetError() #13: HTTP/1.1 200 OK
>>
>> recvresp(): end with 200
>>
>> recvdoc parms: identity 1417
>>
>> header_load_cookies() entered
>>
>> recvdoc(): entered
>>
>> SetError() #0:
>>
>> ....
>>
>>
>> http_close(): entered
>>
>>
>> Only changing the library to version 1.32 (changing my BndDir statement
>> and the /copy modules) doesn't work. What might be the difference that
>> leads to this?
>>
>>
>> HTTPAPI Ver 1.32 released 2016-02-10
>>
>> NTLM Ver 1.4.0 released 2014-12-22
>>
>> OS/400 Ver V7R1M0
>>
>>
>> New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819.
>> ProtLoc=0
>>
>> http_setauth(): entered
>>
>> https_init(): entered
>>
>> QSSLPCL = *OPSYS
>>
>> SSL version 2 support disabled
>>
>> SSL version 3 support disabled
>>
>> Old interface to TLS version 1.0 support enabled
>>
>> TLS version 1.0 support enabled
>>
>> TLS version 1.1 support enabled
>>
>> TLS version 1.2 support enabled
>>
>> -----------------------------------------------------------------------
>> --------------
>>
>> Dump of local-side certificate information:
>>
>> -----------------------------------------------------------------------
>> --------------
>>
>> http_url_post(): entered
>>
>> http_persist_open(): entered
>>
>> http_long_ParseURL(): entered
>>
>> DNS resolver retrans: 2
>>
>> DNS resolver retry : 2
>>
>> DNS resolver options: x'00000136'
>>
>> DNS default domain: eb.lan.at
>>
>> DNS server found: 10.3.42.1
>>
>> DNS server found: 10.3.42.2
>>
>> Nagle's algorithm (TCP_NODELAY) disabled.
>>
>> SNI hostname set to: app-proxy.eb.lan.at
>>
>> (GSKit) Peer hat empfangene Nachricht nicht erkannt oder falsch
>> formatiert.
>>
>> ssl_error(415): (GSKit) Peer hat empfangene Nachricht nicht erkannt
>> oder falsch formatiert.
>>
>> SetError() #30: SSL Handshake: (GSKit) Peer hat empfangene Nachricht
>> nicht erkannt oder falsch f
>>
>>
>> Just translating: "(GSKit) Peer not recognized or badly formatted
>> message received"
>>
>>
>> Thanks a lot for the support.
>>
>>
>> Mit freundlichen Grüßen/Best regards Mag. Alexander Grünwald
>>
>>
>> Managing Director/Project Management
>>
>> SOB Datenverarbeitungsges.m.b.H.
>>
>> Albrechtstraße 60/9
>>
>> A-3400 Klosterneuburg
>>
>>
>> Tel. +43/2243/37201
>>
>> Fax. +43/2243/37201/5
>>
>> Mail: alexander.gruenwald@xxxxxxxxxxx
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
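
An added example (not part of the thread and not HTTPAPI code): a Python check that reads an HTTPAPI debug log in the format quoted above, including mail-quoted and re-wrapped copies, and reports which protocol switches https_init() logged, whether SSLv2/SSLv3 ended up enabled, and whether an SSL handshake error was recorded. The sample logs are constructed from lines shown in the thread, and the function names are hypothetical.

```python
import re

# Line formats below are the ones HTTPAPI prints in the debug logs quoted in this thread.
PROTO_RE = re.compile(
    r"((?:Old interface to )?(?:SSL|TLS) version [\d.]+) support (enabled|disabled)")
VERSION_RE = re.compile(r"HTTPAPI Ver ([\d.]+)")
HANDSHAKE_RE = re.compile(r"SetError\(\) #(\d+): SSL Handshake")
LEGACY = ("SSL version 2", "SSL version 3")

def normalise(log_text):
    """Strip mail quote markers ('>', '>>') and undo mail-client re-wrapping."""
    lines = [re.sub(r"^\s*(?:>\s?)+", "", ln) for ln in log_text.splitlines()]
    return " ".join(" ".join(lines).split())

def audit(log_text):
    """Summarise protocol switches, enabled legacy protocols and handshake errors."""
    text = normalise(log_text)
    version = VERSION_RE.search(text)
    protocols = {n: s == "enabled" for n, s in PROTO_RE.findall(text)}
    return {
        "version": version.group(1) if version else None,
        "protocols": protocols,
        "legacy_enabled": [p for p in LEGACY if protocols.get(p)],
        "handshake_errors": [int(n) for n in HANDSHAKE_RE.findall(text)],
    }

# Constructed sample: the 1.32 defaults, one switch per line.
DEFAULT_LOG = """HTTPAPI Ver 1.32 released 2016-02-10
https_init(): entered
SSL version 2 support disabled
SSL version 3 support disabled
Old interface to TLS version 1.0 support enabled
TLS version 1.0 support enabled
TLS version 1.1 support enabled
TLS version 1.2 support enabled
"""

# Constructed sample: SSLv3 switched on, quoted and re-wrapped by a mail client.
OVERRIDE_LOG = """> HTTPAPI Ver 1.32 released 2016-02-10
> SSL version 2 support disabled
> SSL version 3 support enabled
> Old interface to TLS version 1.0 support enabled TLS version 1.0
> support enabled TLS version 1.1 support enabled TLS version 1.2
> support enabled
> SetError() #30: SSL Handshake: (GSKit) Peer hat empfangene Nachricht
"""

if __name__ == "__main__":
    for name, log in (("default", DEFAULT_LOG), ("override", OVERRIDE_LOG)):
        print(name, audit(log))
```
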