Re: Client Authentication as a Client, is it even possible? -- RPG400-L

Well, here's the kicker.  After IBM looked at the trace for
our V5R1 machine, they saw the exact problem.

The server has the option to send a list of valid certs for
client authentication, or none.  When it's none, the AS/400
pukes.  This was fixed with a PTF in V5R2 (the first
release IBM has actually had an SSL client that does client
authentication).  Now, we're just asking for the PTF be
releasd for V5R1 as well.

Let me tell you, after hearing that I was pleased.  Not
only that my app was working as it should, but that the
GSKit certainly would NOT have fixed it.

I rolled my own a long time before the GSKit came out...
and it's works great when there's not an OS bug in the way.
 :)

Brad


On Fri, 23 Jan 2004 08:19:49 +1300
 "Peter Connell" <Peter.Connell@xxxxxxxxxxxxxxxxxxxx>
wrote:
> Brad,
> I did mention in a recent dialogue (while going on a bit)
> that writing such an app in RPGLE using the SSL socket
> APIs was exactly what I had achieved once I assigned the
> client certificate (via DCM) required by the remote host
> to the SSL app. 
> 
> Indeed I also showed, as Scott is keen to suggest, that
> simply by downloading his ready-made code, which is also
> in RPGLE (but using the IBM Global Security Kit) then
> that also worked once the same appropriate client cert
> was assigned. While some of us, perhaps yourself
> included, have always liked to be able to roll-our-own, I
> recommend there is great merit in what Scott has also
> achieved.
> 
> Peter
> 
> -----Original Message-----
> From: rpg400-l-bounces@xxxxxxxxxxxx
> [mailto:rpg400-l-bounces@xxxxxxxxxxxx]On Behalf Of Brad
> Stone
> Sent: Friday, January 23, 2004 7:12 AM
> To: RPG programming on the AS400 / iSeries
> Subject: Re: Client Authentication as a Client, is it
> even possible?
> 
> 
> HTTP.
> 
> The problem is I'm using my GETURI application and it's
> worked fine in hundreds of other scenarios.  But, in this
> one case where client auth is needed during the SSL
> handshake, it's not working.
> 
> Also in talking with IBM support they said they
> personally
> didn't have a client app until v5r2 that did this (FTP)
> so
> I assume that possible this functionality hasn't been
> tested.
> 
> Brad
> 
> _______________________________________________
> This is the RPG programming on the AS400 / iSeries
> (RPG400-L) mailing list
> To post a message email: RPG400-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit:
> http://lists.midrange.com/mailman/listinfo/rpg400-l
> or email: RPG400-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the
> archives
> at http://archive.midrange.com/rpg400-l.
> 
>
#####################################################################################
> This correspondence is for the named person's use only.
> It may contain confidential or legally privileged
> information, or both. No confidentiality or privilege is
> waived or lost by any mistransmission. If you receive
> this correspondence in error, please immediately delete
> it from your system and notify the sender. You must not
> disclose, copy or rely on any part of this correspondence
> if you are not the intended recipient. Any views
> expressed in this message are those of the individual
> sender, except where the sender expressly, and with
> authority, states them to be the views of Baycorp
> Advantage. If you need assistance, please contact Baycorp
> Advantage on either :- Australia 133124 or New Zealand
> +64 9 356 5800
> 
> _______________________________________________
> This is the RPG programming on the AS400 / iSeries
> (RPG400-L) mailing list
> To post a message email: RPG400-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit:
> http://lists.midrange.com/mailman/listinfo/rpg400-l
> or email: RPG400-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the
> archives
> at http://archive.midrange.com/rpg400-l.
> 

Bradley V. Stone
BVS.Tools
www.bvstools.com