× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. October 2018

Re: LIBHTTP vs HTTPPOSTCLOBVERBOSE

Hi!

here is what I got from IBM and Scott Forstie when I asked him how to solve
httppostclob and ssl problem.
I tried the "JVM Hack" and it works.

"For SSL to work, the client JVM needs to have a certificate for the
Certificate Authority that issued the certificate on the server.

Here are some notes on SSL and HTTP functions."

§Using https causes SSL to be used

§Relies on SSL support provided by the JVM
§Potential Difficulties

–Certificates

•Must be signed by a trusted certificate authority

–Protocol Version


§Java verifies that certificate provided by the server is valid (signed by
trusted authority)

§Browsers will identify this problem.




Solutions.
§Get a server certificate issued by a recognized certificate authority

§Or add the certificate for the issuing authority to the trust store (or
the certificate from the server)

–Get certificate – You can get this from some web browsers (see next slide)

–Add it to the trust store of the JVM in use

• keytool -import -trustcacerts -keystore
/QOpenSys/QIBM/ProdData/JavaVM/jdk60/32bit/jre/lib/security/cacerts
-storepass changeit -noprompt -alias z1235p1 -file /tmp/z1235p1.crt


–Warning: The cacerts file may be overwritten when Java ptfs are applied,
so this step may need to be repeated often.

§Use a Java stored procedure to tell the JVM not do to checking


JVM Hack...
§Compile the Java program below and place in
/QIBM/UserData/OS400/sqllib/function

§create procedure disableSSL() language java parameter style java external
name 'DisableSSL.go‘
§Before calling any HTTP functions in the job

–CALL disableSSL()

§Code..

import javax.net.ssl.*;
import java.security.cert.*;
public class DisableSSL implements X509TrustManager, HostnameVerifier {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0]; }
public void checkClientTrusted(java.security.cert.X509Certificate[]
certs,
String authType) { }
public void checkServerTrusted(java.security.cert.X509Certificate[]
certs,
String authType) { }
public boolean verify(String string, SSLSession ssls) {
return true;
}


public static void go() throws Exception {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, new TrustManager[] { new DisableSSL() },
new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier( new DisableSSL());
}
}



Den man. 15. okt. 2018 kl. 16:51 skrev Mohammad Tanveer <surgum@xxxxxxxxx>:

When using HTTPPOSTCLOBVERBOSE I am getting certificate errors when I tried
same url using LIBHTTP I am not getting any such errors.

Wondering why? Is there anything different I have to do when using
HTTPPOSTCLOBVERBOSE

Message . . . . : Procedure or user-defined function HTTPPOSTCLOBVERBOSE
in
SYSTOOLS returned a warning SQLSTATE.

Cause . . . . . : An SQLSTATE of the form 01xxx was returned by the

procedure or user-defined function HTTPPOSTCLOBVERBOSE in SYSTOOLS (with

specific name HTTPP00015), along with message text com.ibm.jsse2.util.h:

PKIX path building failed: java.security.cert.CertPathBuilderException:

PKIXCertPathBuilderImpl could not build a valid CertPath.; internal
cause
is: ■■java.security.cert.CertPathValidatorException: The certificate
issued
by CN=dm-DC-DIGCERT1-CA, DC=dm, DC=com is not trusted; internal
cause is: ■■java.security.cert.CertPathValidatorException: Certificate

chaining error.


This is how I am executing HTTPPOSTCLOBVerbose?

exec sql
SELECT ifnull(varchar(responseMsg,5000),''),
ifnull(varchar(responseHttpHeader,512),'')
INTO :responseMsg, :responseHdr
FROM table( SYSTOOLS.HTTPPOSTCLOBVerbose(
:gURL,
:gHeader,
:gRequest) ) as InternalServices;
--
This is the RPG programming on the IBM i (AS/400 and iSeries) (RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.