CallHTTPWithSSL
Priceless example!
Managed to connect to https://www-927.ibm.com/software/data/u2/support/u2techconnect/ by also changing...
X.DEPTH = 1 ;* Changed from 0 to 1 to allow signed by CA
X.SERVER.OR.CLIENT = 2 ;* CLIENT
X.RTN.CODE = set[[AuthenticationDepth]](X.CONTEXT, X.DEPTH, X.SERVER.OR.CLIENT)
and using the 'Equifax Secure Certificate Authority' certificate instead of one generated by java keytool. I looked in the protocol log to discover that the equifax certificate was required:
01/20/2004 18:14:51 SSL Certificate Verification: depth: 0 subject: [[/C]]=CA[[/O]]=IBM[[/CN]]=www-927.ibm.com issuer: [[/C]]=US[[/O]]=Equifax[[/OU]]=Equifax Secure Certificate Authority
I'm on xp, so used start > run mmc file > add/remove snap in > certificates certificates > trusted root cas > equifax action > all tasks > export
to get an equifax.cer certificate file instead of wendy's wsmoak_tomcat.cer, but i imagine these are available on the web somewhere - would be a lot easier if IBM included all the standard root CA files somewhere.
-- Simon Lewington [email protected]
Fixed! IBM said to use
X.USED.AS="2" ;* Used as an issuer certificate
X.FORMAT="2" ;* DER format
in the code below. (Both of those used to be "1" when I started this.)
I re-read the manual, and I still don't know enough about SSL to have figured that out.
-- Wendy Smoak [email protected]
Ian, yes, there's a reason. This is a simple test but eventually I need to POST over HTTPS to a third party. I can already do it over HTTP, but when I change to HTTPS, it breaks. So I switched to simple test code to see if I could find the problem.
-- Wendy
Wendy, is there are reason to do it from Basic? (other than for fun :-) cURL can download https
you could do
EXECUTE "!curl -k -o .[[/MYDIR/FNAME]] https://www.example.com" OPEN 'MYDIR' TO MYDIR ELSE STOP 201,'MYDIR' READ R FROM MYDIR, 'FNAME' ELSE STOP 'https get did not work'
Does anyone know where the documentation for createSecureRequest() is? It's not in the UniBasic Extensions manual...
Sample UniBasic code:
* WENDY SMOAK
EQUATE CRLF TO CHAR(013):CHAR(010)
X.LOG.FILE = 'XWDS.HTTP.LOG'
X.LOG.ACTION = 'ON'
X.LOG.LEVEL = '10'
X.RTN.CODE = protocolLogging(X.LOG.FILE, X.LOG.ACTION, X.LOG.LEVEL)
CRT 'protocolLogging: ':X.RTN.CODE
X.RTN.CODE = create[[SecurityContext]](X.CONTEXT, '')
CRT 'create[[SecurityContext]]: ':X.RTN.CODE
X.CERT.PATH="wsmoak_tomcat.cer"
;* changed next 2 lines from 1 to 2 per IBM
X.USED.AS="2" ;* Used as an issuer certificate
X.FORMAT="2" ;* DER format
X.ALGORITHM="1" ;* RSA key
X.RTN.CODE = addCertificate(X.CERT.PATH, X.USED.AS, X.FORMAT, X.ALGORITHM, X.CONTEXT)
CRT 'addCertificate: ':X.RTN.CODE
X.DEPTH = 0
X.SERVER.OR.CLIENT = 2 ;* CLIENT
X.RTN.CODE = set[[AuthenticationDepth]](X.CONTEXT, X.DEPTH, X.SERVER.OR.CLIENT)
CRT 'set[[AuthenticationDepth]]: ':X.RTN.CODE
X.RTN.CODE = show[[SecurityContext]](X.CONTEXT,X.CONFIG.INFO)
CRT 'show[[SecurityContext]]: ':X.RTN.CODE
SWAP @AM WITH CRLF IN X.CONFIG.INFO
CRT X.CONFIG.INFO
URL="https://your.server.here/index.html"
HTTP.METHOD="POST"
X.RTN.CODE = create[[SecureRequest]](URL,HTTP.METHOD,X.HANDLE,X.CONTEXT)
CRT 'create[[SecureRequest]]: ':X.RTN.CODE
X.RTN.CODE = submitRequest(X.HANDLE,'','',X.RESPONSE.HEADERS,X.RESPONSE.DATA,X.HTTP.STATUS)
CRT 'submitRequest: ':X.RTN.CODE
CRT 'X.RESPONSE.HEADERS = ':X.RESPONSE.HEADERS
CRT 'X.RESPONSE.DATA = ':X.RESPONSE.DATA
CRT 'X.HTTP.STATUS = ':X.HTTP.STATUS
X.LOG.ACTION = 'OFF'
X.RTN.CODE = protocolLogging(X.LOG.FILE, X.LOG.ACTION, X.LOG.LEVEL)
CRT 'protocolLogging: ':X.RTN.CODE
Certificate
The Certificate I'm using was generated and exported with 'keytool', which is a utility that is distributed with Sun's JDK, of which I'm using version 1.4.1_02.
http://java.sun.com/j2se/1.4.1/docs/tooldocs/solaris/keytool.html
The web server I'm using is Tomcat 4.1.24, and I followed these directions to enable SSL: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
The original .keystore file was generated with:
> keytool -genkey -alias tomcat -keyalg RSA
And then the .cer file was exported with:
> keytool -export -alias tomcat -file wsmoak_tomcat.cer
