Let me try and clarify what I meant by "I have a CGI webservice that uses the HTTPAPI utility to make HTTPS calls to an outside vendor".
I have an RPGLE program that is called as a CGI program running on an IBMi Apache server. That RPGLE program calls a service program, and that service program uses HTTPAPI to access a 3rd party webservice over the internet.
My theory, based mostly on speculation, is that HTTPAPI remains active in a given job running in QHTTPSVR. Something changes with the certificate on the remote end, but the already running CGI jobs have something still in memory which causes the error. By bouncing Apache, all the CGI jobs are ended and the new jobs start with a clean slate.
From: Justin Taylor
Sent: Tuesday, September 18, 2018 9:37 AM
To: 'RPG programming on the IBM i (AS/400 and iSeries)' <rpg400-l@xxxxxxxxxxxx>
Subject: HTTPAPI & revoked SSL cert
I have a CGI webservice that uses the HTTPAPI utility to make HTTPS calls to an outside vendor. It makes a few hundred calls a day and has been in production for a couple of years. Twice in the past week it's started throwing certificate errors and continued to do so until we bounced the Apache server. I wasn't in the office when the issues occurred, so I'm limited on what data I have.
I'm working on an automatic, and less drastic, work-around than bouncing Apache. My RPG CGI program runs in a named activation group and doesn't set on LR. The HTTPAPI call is in a service program that runs in *CALLER. I'm wondering if it would help to run my service program in a named activation group. That way, when an error occurs the calling RPG could reclaim that named activation group. Of course, I don't know if that would help. I'm just speculating that something within HTTPAPI is staying in memory.
Any thoughts?
From Library : LIBHTTP
From Program : HTTPAPIR4
From Line : *STMT
To Library : LIBHTTP
To Program : HTTPAPIR4
To Line : *STMT
From user . . . . . . . . . : USER
From module . . . . . . . . : HTTPUTILR4
From procedure . . . . . . : UTIL_DIAG
Statement . . . . . . . . . : 4810
To module . . . . . . . . . : COMMSSLR4
To procedure . . . . . . . : SSL_ERROR
Statement . . . . . . . . . : 7142
Thread . . . . : 00000002
(GSKit) Certificate was rejected by the application
supplied exit program or certificate being validated by SSL processing was
revoked.
Cause . . . . . : No additional online help information is available.
As an Amazon Associate we earn from qualifying purchases.