NetTalk Central
The Rest Of NetTalk => The Rest - Ask For Help => Topic started by: alex.kolaric on March 19, 2013, 03:23:25 PM
-
Hi,
I have a serious problem with one request I'm trying to send to a SOAP server with SSL. I'm still using NetTalk 5, but I was able to access secure SOAP services with it before. This is the code I use:
LOC:AuthStr = 'userid:password'
LOC:AuthStrLen = LEN(CLIP(LOC:AuthStr))
ThisWebClient.SetAllHeadersDefault()
ThisWebClient.ConnectionKeepAlive = 0
ThisWebClient._HTTPVersion = 'HTTP/1.0'
ThisWebClient.ContentType = 'text/xml; charset=utf-8'
ThisWebClient.CanUseProxy = 0
ThisWebClient.HeaderOnly = 0
ThisWebClient.Cookie = ''
ThisWebClient.CustomHeader = ''
ThisWebClient.Referer = ''
ThisWebClient.UserAgent = 'Evision Sourcing'
ThisWebClient.AcceptEncoding = 'gzip,deflate'
ThisWebClient.Accept_ = ''
ThisWebClient.AcceptLanguage = ''
ThisWebClient.ContentLength = len (clip(PostString))
ThisWebClient.Authorization = 'Basic ' & NetBase64Encode (LOC:AuthStr, LOC:AuthStrLen)
ThisWebClient.AsyncOpenTimeOut = 1200
ThisWebClient.InActiveTimeout = 2000
ThisWebClient.SSL = 1
ThisWebClient.SSLCertificateOptions.CertificateFile = ''
ThisWebClient.SSLCertificateOptions.PrivateKeyFile = ''
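ThisWebClient.SSLCertificateOptions.DontVerifyRemoteCertificateCommonName = 1   ! 1 = skip the common-name (host name) check on the server certificate
ThisWebClient.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = 1   ! 1 = skip validating the server certificate against the CA roots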
ThisWebClient.SSLCertificateOptions.CARootFile = '.\Ca_Roots.pem'
ThisWebClient.Post(PostURL,PostString)
I'm receiving the following error all the time:
Error Code: -53
Error Message: The requested connection could not be opened. The Open command timed out or failed to connect. The error number was -53 which means Open Timeout or Failure error. - [SSL Error = 11]
Passed Message: The requested connection could not be opened. The Open command timed out or failed to connect
Function: NetSimple.TakeEvent
CA_Roots.pem is in the app directory as well as all 4 DLLs needed for SSL. Please help. It is urgent.
Thanks,
Alex
P.S. I'm trying both https://wstest.aviall.com/services/SOAPProcessor and https://wstest.aviall.com/services/SOAPProcessor:443 as post URLs, but nothing changes.
-
Morning Alex,
The short answer is that you need to add the following property setting:
ThisWebClient.SSLMethod = NET:SSLMethodTLSv1
The way I came to this conclusion is listed below:
I tried to connect to the site using the NetDemo program. It gave the same error (which is a good thing!).
The first clue was in the DebugView log:
[7064] [NetDLL] [2] SSL_Our_ClientOpenTryConnect() : SSL Error calling SSL_connect : SSL_ERROR_SSL [error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number] A failure in the SSL library occurred, usually a protocol error. SSL Error Code Error = 11
A quick check on my "all things SSL post" here
http://www.nettalkcentral.com/index.php?option=com_smf&Itemid=36&topic=1023.0
reminded me how to do an SSLScan of the site:
sslscan --no-failed wstest.aviall.com:443
which in turn replied with:
Supported Server Cipher(s):
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 56 bits EDH-RSA-DES-CBC-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 56 bits DES-CBC-SHA
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
I tweaked the NetDemo program (7.08) to allow me to set the SSL Method, tested with the TLSv1 method, and I got a connection.
Of course I don't have the username and password, so I can't go further, but I think you'll do fine from there.
I'm also doing all this in NT7 - but I don't think it'll be any different in NT5.
cheers
Bruce
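
The diagnosis in the reply above, as an added example that is not part of the original thread and not NetTalk code: Python that parses the quoted sslscan lines, lists the protocol versions the server accepted, and flags the suites a server owner should disable. The function names, the 128-bit threshold and the weakness labels are assumptions made for this example.

```python
import re

# The "Accepted" lines quoted in the post above, embedded so the example runs offline.
SSLSCAN_OUTPUT = """\
Supported Server Cipher(s):
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 56 bits EDH-RSA-DES-CBC-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 56 bits DES-CBC-SHA
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
"""

ACCEPTED = re.compile(r"^\s*Accepted\s+(\S+)\s+(\d+)\s+bits\s+(\S+)\s*$")
WEAK_MARKERS = (("RC4", "RC4 stream cipher"), ("MD5", "MD5 MAC"),
                ("DES", "DES/3DES 64-bit block cipher"))

def parse_sslscan(text):
    """Return (protocol, key_bits, cipher) for each 'Accepted' line."""
    hits = (ACCEPTED.match(line) for line in text.splitlines())
    return [(m.group(1), int(m.group(2)), m.group(3)) for m in hits if m]

def accepted_protocols(rows):
    """Protocol versions the server completed a handshake with."""
    return sorted({proto for proto, _, _ in rows})

def weak_suites(rows, min_bits=128):
    """Map cipher name -> reasons it should be disabled on the server."""
    findings = {}
    for _, bits, cipher in rows:
        reasons = ["%d-bit key" % bits] if bits < min_bits else []
        reasons += [why for marker, why in WEAK_MARKERS if marker in cipher.split("-")]
        if reasons:
            findings[cipher] = reasons
    return findings

if __name__ == "__main__":
    rows = parse_sslscan(SSLSCAN_OUTPUT)
    print("protocols:", accepted_protocols(rows))
    for cipher, reasons in weak_suites(rows).items():
        print(cipher, "->", ", ".join(reasons))
```

On this output TLSv1 is the only protocol reported as accepted, which matches the connection succeeding once the client method was set to TLSv1; six of the ten suites are flagged.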
-
Thanks Bruce,
I would never have found it myself. I knew you would be able to help me ... as always.
Regards,
Alex
-
Bruce,
One more quick question. Now that I have set the SSLMethod property, the connection error is gone; I properly send the package and receive a response from the SOAP server. It indicates that the package is 1554 bytes long, but I just get one weird display character after the response header (even though the PageLen property of the web client object is showing the same correct content length).
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Encoding: gzip
Content-Type: text/xml;charset=utf-8
Content-Length: 1554
Date: Wed, 20 Mar 2013 15:43:04 GMT
Connection: close
‹
Do you have any idea why this occurs? Is it related to the SSL setting I added in any way?
Thanks in advance,
Alex
-
No, it's not related to the SSL method - if it was SSL related you wouldn't be able to read the HTTP header.
I would say the issue is
Content-Encoding: gzip
meaning that the data has been compressed before it was sent to you.
They're giving it back to you compressed because your original request said
ThisWebClient.AcceptEncoding = 'gzip,deflate'
You need to decompress it to get the full text.
The reason it's showing truncated like that is probably because your debug tool terminates the string on a null (and the second character is a null).
Fortunately StringTheory comes with the ability to compress and decompress gzipped text. So in NT7 I can add some code to do this automatically.
You're not on C7 yet, so you need to do this manually. Or change the request so you don't accept gzip or deflate responses.
cheers
Bruce
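
The manual decompression step described in the reply above, as an added example that is not part of the original thread and not NetTalk or StringTheory code: Python that splits a response like the one quoted, inflates the gzip body with an output limit, and reproduces what a display that stops at the first zero byte shows of the raw body. The sample response, the function names and the 10 MB limit are assumptions constructed for the example.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"  # every gzip stream starts with these two bytes

def split_response(raw):
    """Split a raw HTTP response into (status line, headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def decode_body(headers, body, max_out=10 * 1024 * 1024):
    """Undo Content-Encoding: gzip, refusing output larger than max_out bytes."""
    encoding = headers.get("content-encoding", "identity").lower()
    if encoding == "identity":
        return body
    if encoding != "gzip":
        raise ValueError("unsupported Content-Encoding: " + encoding)
    if not body.startswith(GZIP_MAGIC):
        raise ValueError("body does not start with the gzip magic bytes")
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16 + selects gzip framing
    out = inflater.decompress(body, max_out + 1)
    if len(out) > max_out:
        raise ValueError("decompressed body exceeds max_out")
    return out

def c_string_view(body):
    """What a NUL-terminated string display shows of the body, as Windows-1252."""
    return body.split(b"\x00", 1)[0].decode("cp1252", errors="replace")

def build_sample():
    """Constructed sample: a gzip-compressed XML body behind the thread's headers."""
    xml = b'<?xml version="1.0"?><Envelope><Body>constructed sample</Body></Envelope>'
    body = gzip.compress(xml)
    head = (b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n"
            b"Content-Type: text/xml;charset=utf-8\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n")
    return xml, head + body

if __name__ == "__main__":
    xml, raw = build_sample()
    status, headers, body = split_response(raw)
    print(status, headers["content-encoding"], len(body))
    print(repr(c_string_view(body)))  # bytes before the first zero byte
    print(decode_body(headers, body).decode("utf-8"))
```

In the constructed sample the body begins with bytes 1F 8B 08 00; in Windows-1252 the byte 8B renders as ‹, the only visible character before the first zero byte.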
-
Thanks Bruce,
You've been very helpful.
Regards,
Alex