Still looking at this...

Not sure if this means anything, but the debug test shows a dump of the local-side certificate. I didn't see that in other httpapi debug files I have on our system. The certificate string in http_debug.txt looked "too short" to me.

So I copied the certificate string, saved it on my PC as a .cer file and opened it. Under Certificate Information it says
"Windows does not have enough information to verify this certificate."

Grasping at straws here.



-----Original Message-----
From: RPG400-L [mailto:rpg400-l-bounces@xxxxxxxxxxxxxxxxxx] On Behalf Of Brad Stone
Sent: Monday, April 05, 2021 1:35 PM
To: RPG programming on IBM i <rpg400-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: ssl_error(406)

Ya, when I wrote GETURI many many years ago I needed to decide what to use
for a default for some values. Because I had written my eRPG book I chose
that as the default user agent, which of course can be overridden or even
the default changed with CHGCMDDFT. :)

I have no idea why GETURI works and HTTPAPI is having this issue as I am
pretty sure we use the same GSK APIs for SSL communications. I'm happy to
help in any way to figure out why, though.

Brad
www.bvstools.com

On Mon, Apr 5, 2021 at 12:27 PM Greg Wilburn <
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

Thanks Brad. I was able to get GETURI to make the connection
successfully. However, HTTPAPI still disconnects with the same SSL error.

From what I can see, the HTTP headers appear to be identical except for
the "order" and User-Agent.

HTTPAPI Debug
GET /v1/orders HTTP/1.1
Host: api.meetribbon.com
User-Agent: http-api/1.43
Accept: application/json
Content-Type: application/json
Authorization: NSDB2I5C8FK83BS783KB
secretToken: <token removed>
vendorID: 5f8a007f71696800d98427b1
agencyID: 5f077af27d6be71f487bdd34

recvresp(): entered
(GSKit) I/O: A connection with a remote socket was reset by that socket.
ssl_error(406): (GSKit) I/O: A connection with a remote socket was reset
by that socket.
SetError() #44: CommSSL_read: read:(GSKit) I/O: A connection with a
remote socket was reset by
recvresp(): end with err
http_close(): entered

-----------------------------

GETURI debug
GET /v1/orders HTTP/1.1
Accept: application/json
User-Agent: e-RPG
Host: api.meetribbon.com
Content-Type: application/json
Authorization: NSDB2I5C8FK83BS783KB
secretToken: <token removed>
vendorID: 5f8a007f71696800d98427b1
agencyID: 5f077af27d6be71f487bdd34

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 512984
Connection: keep-alive
Date: Mon, 05 Apr 2021 15:23:54 GMT

-----Original Message-----
From: RPG400-L [mailto:rpg400-l-bounces@xxxxxxxxxxxxxxxxxx] On Behalf Of
Brad Stone
Sent: Thursday, April 01, 2021 5:13 PM
To: RPG programming on IBM i <rpg400-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: ssl_error(406)

First thing I would do is make sure you have the proper accept header... I
don't see one in your request. */* usually works. But application/json is
probably what they're looking for. I have seen many web APIs puke because
the proper accept header wasn't there.

If that's not it, this reminds me of an issue a couple others of us were
having back in the day that dealt with caching ssl info or something like
that? It's been a while so I don't recall, but I did have one customer who
worked with IBM when something like this started happening after
applying PTFs.

I'd contact IBM and do some tracing. I don't think it has anything to do
with HTTPAPI... more likely either the remote system doesn't like what's
happening on the IBM i side of things.

I think there is also lower level debugging.. i didn't see anything about
handshakes in the debug provided.

Brad
www.bvstools.com




On Thu, Apr 1, 2021 at 3:50 PM Greg Wilburn <
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

Still haven't found it... literally driving me crazy.

This is from Postman... they do have more things in the header, but
nothing I can see that would cause the disconnect. (Auth and Token
removed)

GET /v1/orders HTTP/1.1
Authorization: xxxxxxx
secretToken: xxxxxx
vendorID: 5f8a007f71696800d98427b1
agencyID: 5f077af27d6be71f487bdd34
User-Agent: PostmanRuntime/7.26.8
Accept: */*
Cache-Control: no-cache
Postman-Token: 791bd877-1b46-47b4-9151-17abaa3435ec
Host: api.meetribbon.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 492155
Connection: keep-alive
Date: Thu, 01 Apr 2021 20:42:27 GMT
x-amzn-RequestId: 20d6fddc-de62-4a89-a6c2-48e5edb3285f
Access-Control-Allow-Origin: *
x-amz-apigw-id: dHx4BHEXIAMFbaQ=
X-Amzn-Trace-Id: Root=1-60663033-689445b2217af86e4e83d55a;Sampled=0
X-Cache: Miss from cloudfront
Via: 1.1 502d715ad2f775c7dae1f1c4bfbfc169.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: EWR52-C4
X-Amz-Cf-Id: kAPNoCT4qtti3i07pkeXZFeIXJuuxNccGLIwGa5e3A1Dt93U9znpYg==

...more

This is from the HTTPAPI Debug

SetError() #49: SSL_protocol: Unknown protocol 5000
Protocol Used:
http_persist_req(GET) entered.
http_long_ParseURL(): entered
http_long_ParseURL(): entered
do_oper(GET): entered
There are 0 cookies in the cache
GET /v1/orders HTTP/1.1
Host: api.meetribbon.com
User-Agent: http-api/1.43
Authorization: xxxxxxx
secretToken: xxxxxxxx
vendorID: 5f8a007f71696800d98427b1
agencyID: 5f077af27d6be71f487bdd34

recvresp(): entered
(GSKit) I/O: A connection with a remote socket was reset by that socket.
ssl_error(406): (GSKit) I/O: A connection with a remote socket was reset
by that socket.
SetError() #44: CommSSL_read: read:(GSKit) I/O: A connection with a
remote socket was reset by
recvresp(): end with err
http_close(): entered



--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.