× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. C400-L
  3. January 2024

Re: GSK TLS/SSL

Kelly,

All of the steps you have carried out seem to be OK, it must be in the environment set up that you have a problem? Maybe it is when you register your application or maybe the TLS version you are using is not acceptable or something? Hard to say with the code you have provided, but that same code matches with code that we use in our products and have no issues.

Chris...

-----Original Message-----
From: C400-L <c400-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Kelly Beard
Sent: Friday, January 12, 2024 3:28 PM
To: Bare Metal Programming IBM i (AS/400 and iSeries) <c400-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: [C400-L] GSK TLS/SSL

Thats fine, but I'm not even getting to the point where I can send data.
gsk_secure_soc_init() is failing with what I'm assuming is the handshake negotiation.

All of this code runs after a successful connect():

/* open a secure session */
step = "gsk_secure_soc_open";
rc = errno = 0;
rc = gsk_secure_soc_open(my_env_handle, &my_session_handle);
if (rc != GSK_OK) {
cerr << "gsk_secure_soc_open() failed with rc = " << rc << " (" <<
gsk_strerror(rc) << "), errno=" << strerror(errno) << "\n";
exit(-1);
}
cerr << "step: " << step << '\n';
cerr << "my_session_handle=" << my_session_handle << '\n';

/* associate our socket with the secure session */
step = "gsk_attribute_set_numeric_value";
rc = errno = 0;
rc = gsk_attribute_set_numeric_value(my_session_handle, GSK_FD, sd);
if (rc != GSK_OK) {
cerr << "gsk_attribute_set_numeric_value() failed with rc = " << rc << " (" << gsk_strerror(rc) << "), errno=" << strerror(errno) << "\n";
exit(-1);
}
cerr << "step: " << step << '\n';

#if defined(NOT_DEFINED)
gsk_soc_data * gsk_secure_soc_init(gsk_soc_init_data *init_data); #endif

/* initiate the secure handshake */
step = "gsk_secure_soc_init";
//rc = errno = 0;
rc = gsk_secure_soc_init(my_session_handle);
if (rc != GSK_OK) {
cerr << "gsk_secure_soc_init() failed with rc = " << rc << " (" <<
gsk_strerror(rc) << "), errno=" << strerror(errno) << "\n";
exit(-1);
}
cerr << "step: " << step << '\n';

and it ends here. Immediately after this, gsk_secure_soc_write() would be called.

On Fri, Jan 12, 2024 at 1:33 PM Chris Hird <chrish@xxxxxxxxxxxxxxxxxx>
wrote:

If it is an ASCII target you will need to convert the data both out
and in. The API's are just about encrypting what data you present,
nothing to do with ASCII/EBCDIC conversion.

Chris..

-----Original Message-----
From: C400-L <c400-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Kelly
Beard
Sent: Friday, January 12, 2024 2:31 PM
To: Bare Metal Programming IBM i (AS/400 and iSeries) <
c400-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: [C400-L] GSK TLS/SSL

Is the remote ASCII-based? Factually I do not know but I will find out.
If the answer is yes, what do I do with that information?

As for HTTP/HTTPS, it will not be that at all. Streaming data.

Program is written in C.

Have not tried Postman. If I can use it

On Fri, Jan 12, 2024 at 1:08 PM Jon Paris <jon.paris@xxxxxxxxxxxxxx>
wrote:

Your program is written in C? If not what?

Have you tried using a tried-and-true package like Scott Klement's
HTTPAPI?

Can you connect using Postman or Insomnia or ... ?

Can you connect using the SQL HTTP routines?


Jon P.

On Jan 12, 2024, at 1:50 PM, Kelly Beard
<kenverybigliar@xxxxxxxxx>
wrote:

What can I do with this? The guy I am trying to communicate with
on the other end says that he sees 'something' and I am trying to
get from him what it is, but as far as I can tell, my program is
not getting to a
point
where actual data is being sent, but probably security handshaking.
I gotta believe that the iSeries is not trying to communicate in
something like EBCDIC here, but it seems like the two sides cannot
'see' what each other is trying to do. I guess I need to know if
there is some advanced logging I can turn on for this. This
project is kinda stuck unless I can get some more information. My
program is a client connecting to a
server.
The connection end is working but the "Peer not recognized or
badly formatted message received." is making me wonder about text
exchange, if something like that is happening. I have a
certificate installed via
DCM.
I would think that if there was some problem like that, the error
message would state it. I can post code if anyone is interested.

step: gsk_environment_open
my_env_handle=SPP:0000 :1aefQP0ZSPWT BEAK 022211 :1200:0:14
step: gsk_attribute_set_buffer
step: gsk_attribute_set_enum
step: gsk_attribute_set_enum
step: gsk_environment_init
server_ip=xxx.xxx.xxx.xxx, server_port=6443
step: gsk_secure_soc_open
my_session_handle=SPP:0000 :1aefQP0ZSPWT BEAK 022211 :14000:1:14
step: gsk_attribute_set_numeric_value
gsk_secure_soc_init() failed with rc = 415 (Peer not recognized or
badly formatted message received.), errno=There is no error.


--
Kelly Beard
--
This is the Bare Metal Programming IBM i (AS/400 and iSeries)
(C400-L)
mailing list
To post a message email: C400-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/c400-l
or email: C400-L-request@xxxxxxxxxxxxxxxxxx Before posting, please
take a moment to review the archives at
https://archive.midrange.com/c400-l.

--
This is the Bare Metal Programming IBM i (AS/400 and iSeries)
(C400-L) mailing list To post a message email:
C400-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list
options,
visit: https://lists.midrange.com/mailman/listinfo/c400-l
or email: C400-L-request@xxxxxxxxxxxxxxxxxx Before posting, please
take a moment to review the archives at
https://archive.midrange.com/c400-l.



--
Kelly Beard
--
This is the Bare Metal Programming IBM i (AS/400 and iSeries) (C400-L)
mailing list To post a message email: C400-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/c400-l
or email: C400-L-request@xxxxxxxxxxxxxxxxxx Before posting, please
take a moment to review the archives at https://archive.midrange.com/c400-l.
--
This is the Bare Metal Programming IBM i (AS/400 and iSeries) (C400-L)
mailing list To post a message email: C400-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/c400-l
or email: C400-L-request@xxxxxxxxxxxxxxxxxx Before posting, please
take a moment to review the archives at
https://archive.midrange.com/c400-l.



--
Kelly Beard
--
This is the Bare Metal Programming IBM i (AS/400 and iSeries) (C400-L) mailing list To post a message email: C400-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/c400-l
or email: C400-L-request@xxxxxxxxxxxxxxxxxx Before posting, please take a moment to review the archives at https://archive.midrange.com/c400-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.