× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. September 2018

RE: HTTPAPI & revoked SSL cert

HTTPAPIR4 is a service program that runs in a job. In my case, that's a CGI job associated with an Apache server and running in QHTTPSVR. When you bounce the Apache server, all of the CGI jobs running in QHTTPSVR are ended. When the Apache server comes back up, it will get new jobs that will have clean state.

The app flow goes roughly like this:
MYCGIPGM -> MYSRVPGM -> HTTPAPI -> Internet

My speculation is that the remote vendor is doing something like swapping a cert, and my CGI job still has something in memory that's referencing the old cert.



-----Original Message-----
From: Bradley Stone [mailto:bvstone@xxxxxxxxx]
Sent: Tuesday, September 18, 2018 2:37 PM
To: RPG programming on the IBM i / System i <rpg400-l@xxxxxxxxxxxx>
Subject: Re: HTTPAPI & revoked SSL cert

.



On Tue, Sep 18, 2018 at 12:13 PM Justin Taylor <JUSTIN@xxxxxxxxxxxxx> wrote:

I'm sure that bouncing Apache helps by ending all the existing server
jobs. My current theory is that there's something in state, and the
remote service changes something which makes my state invalid.


No, HTTPAPI is a client. Not tied to Apache Web server in any way. Scott can clarify, but if it's anything like GETURI, the only thing in common would be they use DCM. And bouncing it shouldn't do anything for the client side of things



"Most likely the endpoint server updated their SSL certificate, or it
expired." I'm pretty much convinced this is the issue. I submit
hundreds of requests a day, generally without incident. Yesterday,
everything was fine until right at 9am. We caught the problem in just
a few minutes, bounced Apache and everything was back to normal.


Is the process tied to an Apache server job? In other words, you get a request in to one of your Apache servers, and then use HTTPAPI in the process to make requests to another server?

If so, the problem isn't with HTTPAPI, most likely more with your Apache server.

If the CA or Cert was expired, it would always fail. It would also be pretty simple to verify if that was the issue.



Right now, I'm working on a method to auto-recover.


Unless there's something left out of the picture here, I'll reiterate that the Apache server shouldn't have anything to do with HTTPAPI.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.