Hi all,
I'm trying to do web requests with https and the createSecureRequest functions in UniVerse. Below is a sample that I copied from the PICKWIKI, which I believe was originally posted by Wendy Smoak. Once I get this example working, I need to use the secure functions to do credit card processing.

We've tried everything we know of to try and get this to work on our servers. When we set the VerificationStrength to "generous", everything is fine. But if we set it to "strict", we can get it to complete. I'd prefer to use the "strict" setting and know that things are being verified the way that they should be.

We've tried with no certificates. We tried saving the IBM certificate onto the unix box by itself and passing the absolute path name to the ".cer" file into the addCertificate function. We tried saving both the IBM and the Equifax certificates onto the unix box and then passing just the directory name containing both into the addCertificate function. Its latest complaint is that there's a self-signed certificate in the chain. (See below for the log file.)

Universe 10.1.12, PICK Flavor, UNIX (Sun O/S)

If anyone has any experience with this or could offer any insight / thoughts, I'd sure appreciate it.

EQUATE CRLF TO CHAR(013):CHAR(010)
EXECUTE "SH -c 'rm DLJ.HTTP.LOG'"
X.LOG.FILE = 'DLJ.HTTP.LOG'
X.LOG.ACTION = 'ON'
X.LOG.LEVEL = '10'
X.RTN.CODE = protocolLogging(X.LOG.FILE, X.LOG.ACTION, X.LOG.LEVEL)
CRT 'protocolLogging: ':X.RTN.CODE
X.RTN.CODE = setHTTPDefault("VERSION", "1.1")
CRT 'setting VERSION to 1.1 : ':X.RTN.CODE
X.RTN.CODE = createSecurityContext(X.CONTEXT, '')
CRT 'createSecurityContext: ':X.RTN.CODE
URL = "https://www-927.ibm.com/software/data/u2/support/u2techconnect/"
POST.DATA = ""
X.CERT.PATH="/cubs/winxfer/Certificates/IBMTechSupport.cer"
* changed next 2 lines from 1 to 2 per IBM
X.USED.AS="2" ; * Used as an issuer certificate
X.FORMAT="2" ; * DER format
X.ALGORITHM="1" ; * RSA key
X.RTN.CODE = addCertificate(X.CERT.PATH, X.USED.AS, X.FORMAT, X.ALGORITHM, X.CONTEXT)
CRT 'addCertificate: ':X.RTN.CODE
*X = addAuthenticationRule(X.CONTEXT,2, "VerificationStrength", "generous")
*CRT 'VerificationStrength addAuthenticationRule = ':X
X.DEPTH = 2
X.SERVER.OR.CLIENT = 2 ; * CLIENT
X.RTN.CODE = setAuthenticationDepth(X.CONTEXT, X.DEPTH, X.SERVER.OR.CLIENT)
CRT 'setAuthenticationDepth: ':X.RTN.CODE
HTTP.METHOD="POST"
X.RTN.CODE = createSecureRequest(URL,HTTP.METHOD,X.HANDLE,X.CONTEXT)
CRT 'createSecureRequest: ':X.RTN.CODE
X.RTN.CODE = submitRequest(X.HANDLE,'',POST.DATA,X.RESPONSE.HEADERS,X.RESPONSE.DATA,X.HTTP.STATUS)
CRT 'submitRequest: ':X.RTN.CODE
CRT 'X.RESPONSE.HEADERS = ':X.RESPONSE.HEADERS
CRT 'X.RESPONSE.DATA = ':X.RESPONSE.DATA
CRT 'X.HTTP.STATUS = ':X.HTTP.STATUS
X.LOG.ACTION = 'OFF'
X.RTN.CODE = protocolLogging(X.LOG.FILE, X.LOG.ACTION, X.LOG.LEVEL)
CRT 'protocolLogging: ':X.RTN.CODE

LOG FILE

07/28/2006 16:06:58 setHTTPDefault ... name=VERSION, value=1.1
07/28/2006 16:06:58 set default HTTP version: 1.1
07/28/2006 16:06:58 createSecurityContext ... version=
07/28/2006 16:06:58 security context 46d8d0 allocated
07/28/2006 16:06:58 addCertificate ... certPath=/cubs/winxfer/Certificates/IBMTechSupport.cer,usedAs=2,format=2,algorithm=1
07/28/2006 16:06:58 loading CA-cert file: /cubs/winxfer/Certificates/IBMTechSupport.cer
07/28/2006 16:06:58 setAuthenticationDepth ... depth=2,s_or_c=2
07/28/2006 16:06:58 createSecureRequest ... 504cb0: URL=https://www-927.ibm.com/software/data/u2/support/u2techconnect/,method=POST
07/28/2006 16:06:58 setRequestHeader: standard header Content-Type=application/x-www-form-urlencoded
07/28/2006 16:06:58 new header Content-Type added with value application/x-www-form-urlencoded
07/28/2006 16:06:58 current Request date: Fri, 28 Jul 2006 21:06:58 GMT
07/28/2006 16:06:58 submitRequest ... Var 504cb0: host=www-927.ibm.com,timeout=0
07/28/2006 16:06:58 Assembled Request:
POST /software/data/u2/support/u2techconnect/ HTTP/1.1
Date: Fri, 28 Jul 2006 21:06:58 GMT
Host: www-927.ibm.com
User-Agent: IBM UniVerse 10.x
Content-Length: 0
07/28/2006 16:06:58 HTTP_START
07/28/2006 16:06:58 HTTP_CONNECT
07/28/2006 16:06:58 new host 509950:www-927.ibm.com:443 allocated (proxy:no)
07/28/2006 16:06:58 host www-927.ibm.com:443 not found in hostList
07/28/2006 16:06:58 socket 466640 allocated
07/28/2006 16:06:58 start SSLbinding ...
07/28/2006 16:06:58 loading SSL method ...
07/28/2006 16:06:58 No self-cert file set in context (OK for client)!
07/28/2006 16:06:58 No private key availble, OK for client.
07/28/2006 16:06:58 loading CA-cert file: /cubs/winxfer/Certificates/IBMTechSupport.cer
07/28/2006 16:06:58 loading random seed data from /cubs/dbms/SAPROD/.rnd
07/28/2006 16:06:58 begin SSL connect ...
07/28/2006 16:06:58 SSL trace: Handshake: start
07/28/2006 16:06:58 SSL trace: Loop: before/connect initialization
07/28/2006 16:06:58 SSL trace: Loop: SSLv2/v3 write client hello A
07/28/2006 16:06:59 ssl3_read_bytes: calling ssl3_get_record()
07/28/2006 16:06:59 ssl3_get_record: calling ssl3_read_n asking 5 bytes data
07/28/2006 16:06:59 ssl3_read_n: return 5 bytes from buf[0]
07/28/2006 16:06:59 ssl3_get_record: ssl3_read_n returned with 5
07/28/2006 16:06:59 ssl3_get_record: 2-calling ssl3_read_n asking 1599 bytes data
07/28/2006 16:06:59 ssl3_read_n: calling BIO_read() asking 1597 bytes to buf[7]
07/28/2006 16:06:59 ssl3_get_record: 2-ssl3_read_n returned with 1599
07/28/2006 16:06:59 ssl3_get_record: returning with 1599 bytes in buffer
07/28/2006 16:06:59 ssl3_read_bytes: return data 4=[1]
07/28/2006 16:06:59 ssl3_read_bytes: return data 70= ________________________________
07/28/2006 16:06:59 SSL trace: Loop: SSLv3 read server hello A
07/28/2006 16:06:59 ssl3_read_bytes: return data 4=
07/28/2006 16:06:59 ssl3_read_bytes: return data 1517=
07/28/2006 16:06:59 Verification strength: strict
07/28/2006 16:06:59 SSL Certificate Verification: depth: 1 subject: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority issuer: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
07/28/2006 16:06:59 Peer certificate not verified. Reason: 19, self signed certificate in certificate chain
07/28/2006 16:06:59 SSL trace: Write: SSLv3 read server certificate B
07/28/2006 16:06:59 SSL trace: Exit: error in SSLv3 read server certificate B
07/28/2006 16:06:59 SSL trace: Exit: error in SSLv3 read server certificate B
07/28/2006 16:06:59 SSL connect error: -1!
1612:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:832:
07/28/2006 16:06:59 SSLbinding failed!
07/28/2006 16:06:59 Socket 466640 closed and freed: 0(No error) 0(No error)
07/28/2006 16:06:59 Secure Socket (www-927.ibm.com:443) not opened
07/28/2006 16:06:59 HTTP_ERROR
07/28/2006 16:06:59 Host 509950 freed
07/28/2006 16:06:59 protocolLogging ... name=DLJ.HTTP.LOG,action=OFF,level=10

Thanks,
Donnie Jacobs
(210)-403-8742

-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/
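
An added diagnostic example (not part of the original post, and not UniVerse code): a Python script that reads a protocolLogging trace like the one above and reports which certificate failed verification, why, and which CA files the context had loaded. The function name `diagnose`, the hint wording and the reading of the log's "Reason" number as an OpenSSL verify code are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# OpenSSL X509 verify codes that indicate a trust-store gap (assumed to be
# what the log's "Reason" number carries, since the reason text matches).
HINTS = {
    18: "leaf is self-signed and is not a trusted certificate",
    19: "chain ends in a self-signed root that is not a trusted issuer",
    20: "issuer certificate is not among the trusted issuers",
    21: "server sent only the leaf and its issuer is not trusted",
}
# Entries copied from the log in the post above (unrelated lines trimmed).
SAMPLE_LOG = """\
07/28/2006 16:06:58 loading CA-cert file: /cubs/winxfer/Certificates/IBMTechSupport.cer
07/28/2006 16:06:59 Verification strength: strict
07/28/2006 16:06:59 SSL Certificate Verification: depth: 1 subject: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority issuer: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
07/28/2006 16:06:59 Peer certificate not verified. Reason: 19, self signed certificate in certificate chain
"""
# Tolerates depth/subject/issuer on one line or spread over several.
VERIFY = re.compile(r"depth:\s*(\d+)\s+subject:\s*(.+?)\s+issuer:\s*(.+?)\s*"
                    r"(?=\n\d\d/\d\d/\d{4} |\Z)", re.S)
REASON = re.compile(r"not verified\. Reason: (\d+), (.+)")
CA_FILE = re.compile(r"loading CA-cert file: (\S+)")
STRENGTH = re.compile(r"Verification strength: (\w+)")

def diagnose(log_text):
    """Summarise certificate verification failures in a protocolLogging trace."""
    strength = STRENGTH.search(log_text)
    report = {"strength": strength.group(1) if strength else None,
              "ca_files": sorted(set(CA_FILE.findall(log_text))),
              "failures": []}
    checks = list(VERIFY.finditer(log_text))
    for reason in REASON.finditer(log_text):
        # The last verification entry before the failure names the certificate.
        prior = [c for c in checks if c.end() <= reason.start()]
        depth, subject, issuer = prior[-1].groups() if prior else (None,) * 3
        code = int(reason.group(1))
        report["failures"].append({
            "code": code, "text": reason.group(2).strip(),
            "depth": None if depth is None else int(depth),
            "subject": subject, "issuer": issuer,
            # subject == issuer: a self-issued certificate, normally the root CA.
            "self_signed": subject is not None and subject == issuer,
            "hint": HINTS.get(code, "see the OpenSSL verify error list"),
        })
    return report

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

For the log above it reports code 19 at depth 1 for the Equifax root, while the only CA file the context loaded is IBMTechSupport.cer.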