Hi all,


I'm trying to do web requests with https and the createSecureRequest
functions in UniVerse.



Below is a sample that I copied from the PICKWIKI, which I believe was
originally posted by Wendy Smoak. Once I get this example working, I
need to use the secure functions to do credit card processing.



We've tried everything we know of to try and get this to work on our
servers. When we set the VerificationStrength to "generous", everything
is fine. But if we set it to "strict", we can get it to complete. I'd
prefer to use the "strict" setting and know that things are being
verified the way that they should be.



We've tried with no certificates.

We tried saving the IBM certificate onto the unix box by itself and
passing the absolute path name to the ".cer" file into the
addCertificate function.

We tried saving both the IBM and the Equifax certificates onto the unix
box and then passing just the directory name containing both into the
addCertificate function.



Its latest complaint is that there's a self-signed certificate in the
chain.  (See below for the log file)



Universe 10.1.12, PICK Flavor, UNIX (Sun O/S)



If anyone has any experience with this or could offer any insight /
thoughts, I'd sure appreciate it.





      EQUATE CRLF TO CHAR(013):CHAR(010)

      EXECUTE "SH -c 'rm DLJ.HTTP.LOG'"

      X.LOG.FILE = 'DLJ.HTTP.LOG'

      X.LOG.ACTION = 'ON'

      X.LOG.LEVEL = '10'

      X.RTN.CODE = protocolLogging(X.LOG.FILE, X.LOG.ACTION, X.LOG.LEVEL)

      CRT 'protocolLogging: ':X.RTN.CODE

      X.RTN.CODE = setHTTPDefault("VERSION", "1.1")

      CRT 'setting VERSION to 1.1 : ':X.RTN.CODE

      X.RTN.CODE = createSecurityContext(X.CONTEXT, '')

      CRT 'createSecurityContext: ':X.RTN.CODE

      URL = "https://www-927.ibm.com/software/data/u2/support/u2techconnect/";

      POST.DATA = ""

      X.CERT.PATH="/cubs/winxfer/Certificates/IBMTechSupport.cer"

      * changed next 2 lines from 1 to 2 per IBM

      X.USED.AS="2"                      ; * Used as an issuer certificate

      X.FORMAT="2"                       ; * DER format

      X.ALGORITHM="1"                    ; * RSA key

      X.RTN.CODE = addCertificate(X.CERT.PATH, X.USED.AS, X.FORMAT, X.ALGORITHM, X.CONTEXT)

      CRT 'addCertificate: ':X.RTN.CODE

      *X = addAuthenticationRule(X.CONTEXT,2, "VerificationStrength", "generous")

      *CRT 'VerificationStrength addAuthenticationRule = ':X

      X.DEPTH = 2

      X.SERVER.OR.CLIENT = 2             ; * CLIENT

      X.RTN.CODE = setAuthenticationDepth(X.CONTEXT, X.DEPTH, X.SERVER.OR.CLIENT)

      CRT 'setAuthenticationDepth: ':X.RTN.CODE

      HTTP.METHOD="POST"

      X.RTN.CODE = createSecureRequest(URL,HTTP.METHOD,X.HANDLE,X.CONTEXT)

      CRT 'createSecureRequest: ':X.RTN.CODE

      X.RTN.CODE = submitRequest(X.HANDLE,'',POST.DATA,X.RESPONSE.HEADERS,X.RESPONSE.DATA,X.HTTP.STATUS)

      CRT 'submitRequest: ':X.RTN.CODE

      CRT 'X.RESPONSE.HEADERS = ':X.RESPONSE.HEADERS

      CRT 'X.RESPONSE.DATA = ':X.RESPONSE.DATA

      CRT 'X.HTTP.STATUS = ':X.HTTP.STATUS

      X.LOG.ACTION = 'OFF'

      X.RTN.CODE = protocolLogging(X.LOG.FILE, X.LOG.ACTION, X.LOG.LEVEL)

      CRT 'protocolLogging: ':X.RTN.CODE







LOG FILE



07/28/2006 16:06:58 setHTTPDefault ... name=VERSION, value=1.1

07/28/2006 16:06:58 set default HTTP version: 1.1



07/28/2006 16:06:58 createSecurityContext ... version=

07/28/2006 16:06:58 security context 46d8d0 allocated



07/28/2006 16:06:58 addCertificate ... certPath=/cubs/winxfer/Certificates/IBMTechSupport.cer,usedAs=2,format=2,algorithm=1

07/28/2006 16:06:58 loading CA-cert file: /cubs/winxfer/Certificates/IBMTechSupport.cer



07/28/2006 16:06:58 setAuthenticationDepth ... depth=2,s_or_c=2



07/28/2006 16:06:58 createSecureRequest ... 504cb0: URL=https://www-927.ibm.com/software/data/u2/support/u2techconnect/,method=POST

07/28/2006 16:06:58 setRequestHeader: standard header Content-Type=application/x-www-form-urlencoded

07/28/2006 16:06:58 new header Content-Type added with value application/x-www-form-urlencoded

07/28/2006 16:06:58 current Request date: Fri, 28 Jul 2006 21:06:58 GMT



07/28/2006 16:06:58 submitRequest ... Var 504cb0: host=www-927.ibm.com,timeout=0

07/28/2006 16:06:58 Assembled Request:

POST /software/data/u2/support/u2techconnect/ HTTP/1.1

Date: Fri, 28 Jul 2006 21:06:58 GMT

Host: www-927.ibm.com

User-Agent: IBM UniVerse 10.x

Content-Length: 0





07/28/2006 16:06:58 HTTP_START

07/28/2006 16:06:58 HTTP_CONNECT

07/28/2006 16:06:58 new host 509950:www-927.ibm.com:443 allocated (proxy:no)

07/28/2006 16:06:58 host www-927.ibm.com:443 not found in hostList

07/28/2006 16:06:58 socket 466640 allocated

07/28/2006 16:06:58 start SSLbinding ...

07/28/2006 16:06:58 loading SSL method ...

07/28/2006 16:06:58 No self-cert file set in context (OK for client)!

07/28/2006 16:06:58 No private key availble, OK for client.

07/28/2006 16:06:58 loading CA-cert file: /cubs/winxfer/Certificates/IBMTechSupport.cer

07/28/2006 16:06:58 loading random seed data from /cubs/dbms/SAPROD/.rnd

07/28/2006 16:06:58 begin SSL connect ...

07/28/2006 16:06:58 SSL trace: Handshake: start

07/28/2006 16:06:58 SSL trace: Loop: before/connect initialization

07/28/2006 16:06:58 SSL trace: Loop: SSLv2/v3 write client hello A

07/28/2006 16:06:59 ssl3_read_bytes: calling ssl3_get_record()

07/28/2006 16:06:59 ssl3_get_record: calling ssl3_read_n asking 5 bytes data

07/28/2006 16:06:59 ssl3_read_n: return 5 bytes from buf[0]

07/28/2006 16:06:59 ssl3_get_record: ssl3_read_n returned with 5

07/28/2006 16:06:59 ssl3_get_record: 2-calling ssl3_read_n asking 1599 bytes data

07/28/2006 16:06:59 ssl3_read_n: calling BIO_read() asking 1597 bytes to buf[7]

07/28/2006 16:06:59 ssl3_get_record: 2-ssl3_read_n returned with 1599

07/28/2006 16:06:59 ssl3_get_record: returning with 1599 bytes in buffer

07/28/2006 16:06:59 ssl3_read_bytes: return data 4=[1]

07/28/2006 16:06:59 ssl3_read_bytes: return data 70=


07/28/2006 16:06:59 SSL trace: Loop: SSLv3 read server hello A

07/28/2006 16:06:59 ssl3_read_bytes: return data 4=



07/28/2006 16:06:59 ssl3_read_bytes: return data 1517=

07/28/2006 16:06:59 Verification strength: strict

07/28/2006 16:06:59 SSL Certificate Verification:

depth: 1

subject: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

issuer: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

07/28/2006 16:06:59 Peer certificate not verified.

Reason: 19, self signed certificate in certificate chain

07/28/2006 16:06:59 SSL trace: Write: SSLv3 read server certificate B

07/28/2006 16:06:59 SSL trace: Exit: error in SSLv3 read server certificate B

07/28/2006 16:06:59 SSL trace: Exit: error in SSLv3 read server certificate B

07/28/2006 16:06:59 SSL connect error: -1!

1612:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:832:

07/28/2006 16:06:59 SSLbinding failed!

07/28/2006 16:06:59 Socket 466640 closed and freed: 0(No error) 0(No error)

07/28/2006 16:06:59 Secure Socket (www-927.ibm.com:443) not opened

07/28/2006 16:06:59 HTTP_ERROR

07/28/2006 16:06:59 Host 509950 freed



07/28/2006 16:06:59 protocolLogging ... name=DLJ.HTTP.LOG,action=OFF,level=10









Thanks,

Donnie Jacobs

(210)-403-8742
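
An added example, not part of the original post and not U2 or PickWiki code: a small Python triage of a protocolLogging trace like the one above, which maps the OpenSSL "Reason: N" verify code to its meaning and reports which certificate in the chain failed and which CA files had been loaded. The function name `triage` and the result keys are illustrative, and the parser assumes wrapped log lines have been rejoined.

```python
import re

# OpenSSL X.509 verify codes as they appear after "Reason:" in the trace.
VERIFY_CODES = {
    10: "certificate has expired",
    18: "self-signed leaf certificate that is not in the trust store",
    19: "chain ends in a self-signed root that is not in the trust store",
    20: "issuer certificate not found in the trust store",
}

# Abridged excerpt of the trace in the post above, wrapped lines rejoined.
SAMPLE_LOG = """\
07/28/2006 16:06:58 loading CA-cert file: /cubs/winxfer/Certificates/IBMTechSupport.cer
07/28/2006 16:06:59 Verification strength: strict
07/28/2006 16:06:59 SSL Certificate Verification:
depth: 1
subject: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
issuer: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
07/28/2006 16:06:59 Peer certificate not verified.
Reason: 19, self signed certificate in certificate chain
"""

def triage(log_text):
    """Return one finding per failed verification in a protocolLogging trace."""
    ca_files, findings, cert = [], [], {}
    for line in log_text.splitlines():
        line = line.strip()
        if m := re.search(r"loading CA-cert file:\s*(\S+)", line):
            if m.group(1) not in ca_files:      # the trace logs the load twice
                ca_files.append(m.group(1))
        elif m := re.match(r"(depth|subject|issuer):\s*(.+)", line):
            cert[m.group(1)] = m.group(2)       # certificate being verified
        elif m := re.match(r"Reason:\s*(\d+),", line):
            code, subject = int(m.group(1)), cert.get("subject")
            findings.append({
                "code": code,
                "meaning": VERIFY_CODES.get(code, "see the OpenSSL verify codes"),
                "depth": int(cert.get("depth", -1)),
                "failing_subject": subject,
                "self_signed": subject is not None and subject == cert.get("issuer"),
                "loaded_ca_files": list(ca_files),
            })
            cert = {}
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On this trace the single finding is code 19 at depth 1: the Equifax root is self-signed, and the only CA file the context had loaded was IBMTechSupport.cer.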