[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


   https_init() with an application ID should be done if you want to
   fine-tune the way SSL is used.  Typically, the only time that's really
   necessary is if you are using client-side certificates, which is
   extremely rare.
   If you do not call https_init() (or if you call it with *BLANKS as a
   parameter) then HTTPAPI will use default SSL settings rather than
   require you to configure them.   If you do not call https_init()
   yourself, HTTPAPI will initialize SSL on the first use of an
   [1]https:// URL.  (Essentially, it calls https_init(*blanks) for you in
   this case.)
   Once the SSL environment has been set up (either by HTTPAPI doing it,
   or by you calling https_init) HTTPAPI will remember the SSL settings.
   This is done for performance reasons, and in most cases there's no need
   to unload this or reset it.  It only caches the SSL settings for your
   server, it does not cache the ones for the site you connect to, so you
   can keep the SSL settings in cache and re-use them with lots of other
   servers without causing any problems.
   The only time it really makes sense to unload the SSL cache and change
   the settings is if you want to use different server-side settings.
   And the only reasons I can think of that you'd want to do that is if
   you changed the CA certificates on your server, or if you were using a
   client-side certificate and wnat to change to a different client-side
   You do not have to reclaim the activation group to reset the SSL
   environment.  There are three ways to reset it:
   1) You can call https_init() with a different application ID than you
   did previously.  HTTPAPI will detect that you want to use a different
   DCM application profile, and will automatically reset the settings and
   create a new SSL environment.   This is what I recommend if your goal
   is to change client certificates.  Every application that uses client
   certificates should call https_init() with it's client certificate
   settings at the start, and so HTTPAPI will switch to the appropriate
   SSL profile.
   2) You can call https_cleanup().  This will remove the cached SSL
   environment from memory.   If you call https_init() after that, it will
   create a new SSL environment.  Or if you call an [2]https:// URL after
   that, it'll set up a new enviroment with default settings.
   3) You can end the activation group, as you already know.  This is the
   least efficient method -- but it will have the same effect on SSL as
   #2, but, of course it'll reset everything else in the activation group
   as well.
   Hope that helps.

   On 11/20/2013 1:24 PM, Julio Cabrera wrote:


   We are working in or company for 3 years now. We installed  HTTP API
   V1.24 and OS V7.1 in our AS400 last week and also convert the programs
   to consume the Web Services with SSL ( using https;//      ).

   I have 2 questions :

    1. When using SSL, is it necessary to unload HTTPAPI from memory so
       that it is reactivated on the next  call? By ending the activation
       group with the CEETREC API. If true, wouldn't this cause poor
       performance?  Does the answer change if we're validating with an
       application ID or sending a *blank application ID to

    2. Also, I noticed that both service programs, HTTPAPIR4 & EXPAT, were
       created under activation group  *CALLER, therefore by issuing the
       call to CEETREC API will kill everything for the activation group
       they end up running under, except of course *DFTACTGRP. What would
       be the implications of not unloading HTTPAPI from memory? Meaning,
       leaving the housekeeping to when the job ends or the activation
       group is deleted within the job.

   Thanks for your help


   Sr. Programmer Analyst, Information Technology

   Interval International

   6262 Sunset Drive o Miami, Florida 33143

   305.666.1861, ext. 7287 o direct 305.925.7287

   cell 305.928.7925 o fax 305.668.3409


   IntervalWorld.com o ResortDeveloper.com

   This electronic mail message is intended exclusively for the individual
   or entity to which it is addressed. This message, together with any
   attachment, may contain confidential and privileged information. Any
   views, opinions or conclusions expressed in this message are those of
   the individual sender and do not necessarily reflect the views of
   Interval Leisure Group, Interval International, and their affiliates.
   Any unauthorized review, use, printing, copying, retention, disclosure
   or distribution is strictly prohibited. If you have received this
   message in error, please immediately advise the sender by replying to
   this email and delete all copies of this message. Thank you.


   1. [4]mailto:Julio.Cabrera@xxxxxxxxxxxxxxxx

This is the FTPAPI mailing list.  To unsubscribe, please go to:


   1. https:///
   2. https:///
   3. mailto:1]Julio.Cabrera@xxxxxxxxxxxxxxxx
   4. mailto:Julio.Cabrera@xxxxxxxxxxxxxxxx
   5. http://www.scottklement.com/mailman/listinfo/ftpapi
This is the FTPAPI mailing list.  To unsubscribe, please go to: