× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



I am not using the HTTP server. The QHTTPSVR subsystem is not even
active. My application (an RPG program) listens on a socket on port
443. When a request comes in it tries to establish an SSL connection
using the GSK toolkit. If that works then the client sends an
encrypted password. If that is okay then they start exchanging data.
If the client is not able to establish an SSL connection with my
program (or doesn't send the right password) then my program sends an
HTML document and closes the connection. The client application is
also an RPG program using the GSK toolkit. Since I have specifically
set up the system so that my application will do the SSL handshake,
why are some requests not getting to my program?

Albert


On Sat, May 22, 2010 at 5:17 PM, Simon Coulter <shc@xxxxxxxxxxxxxxxxx> wrote:

On 23/05/2010, at 9:28 AM, Albert York wrote:

I understand that the browser is expecting an SSL response but why
isn't that request going to my application,  like the unsecured
request?

What is stopping it?

My understanding is that if your application is running under the
control of an HTTP server then the HTTP server takes care of the SSL.
Additionally the server handles reading and writing the encrypted data
in the flow after successful negotiation. The browser makes a secure
request via the use of https: in the URL. The port number is of no
account other than there is an accepted default non-secure (80) and
secure (443) port.

Therefore an unsecure (http:) request arrives and the HTTP server
passes it to your application. When a secure (https:) request is
received the HTTP server attempts to perform the SSL negotiation. This
is failing probably because the HTTP server doesn't have an SSL
configuration for your application and it sends a negative response to
the browser client.

I think you'll need to define an application ID to the HTTP server and
use DCM to associate that ID with a current certificate.

If you want your application to handle the SSL negotiation then I
think you'll need to talk to the client directly. I think that cannot
be done via an HTTP server so you'd need either a special client (not
a browser) or you need to make your application into an HTTP server
and handle at least the parts of the HTTP protocol needed to support
your application.

Easiest approach is to work with the HTTP server and have it handle
the SSL connectivity for you.

Regards,
Simon Coulter.
--------------------------------------------------------------------
   FlyByNight Software         OS/400, i5/OS Technical Specialists

   http://www.flybynight.com.au/
   Phone: +61 2 6657 8251   Mobile: +61 0411 091 400        /"\
   Fax:   +61 2 6657 8251                                   \ /
                                                             X
                 ASCII Ribbon campaign against HTML E-Mail  / \
--------------------------------------------------------------------



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.