SOAP with SSL

[Alberto]

Hi,
I need to send a SOAP req to a SSL server.
I`ve modfied the SOAP example to do it but I need help
Which code must I use to do it?
I`using;

   PostString = |
   '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> '&|
   '<SOAP-ENV:Header> '&|
   '<t:Transaction xmlns:t="xxs"> '&|
   '<tc> '&|
   '<iden u="devuser"/><provider session="WXMLPROD">Worldspan</provider> '&|
   '</tc> '&|
   '</t:Transaction> '&|
   '</SOAP-ENV:Header> '&|
   '<SOAP-ENV:Body> '&|
   '<ns1:ProviderTransaction xmlns:ns1="xxs"> '&|
   '<REQ> '&|
   ''&|
   '<TTC><MSG>This is a test</MSG></TTC> '&|
   ''&|
   '</REQ> '&|
   '</ns1:ProviderTransaction> '&|
   '</SOAP-ENV:Body> '&|
   '</SOAP-ENV:Envelope> '&|
   ''

  PostURL = 'http://xmlpropp.worldspan.com:443'

  ThisWebClient.SetAllHeadersDefault()
  ThisWebClient.Pragma_ = 'No-Cache'     ! Force any proxies to not use their cache. Uses more bandwidth but will contact the webserver directly which is what we want.
  ThisWebClient.CacheControl = 'No-Cache'! Force any proxies to not use their cache. Uses more bandwidth but will contact the webserver directly which is what we want.
  ThisWebClient.ContentType = 'text/xml'
  ThisWebClient.AcceptEncoding = ''
  ThisWebClient.ContentLength = len (clip(PostString))
  ThisWebClient.AsyncOpenTimeOut = 1200       ! 12 seconds
  ThisWebClient.InActiveTimeout  = 2000        ! 20 seconds
   
  ThisWebClient.SSL = 1 ! Use SSL to make a Secure Web Server
  ThisWebClient.SSLCertificateOptions.DontVerifyRemoteCertificateCommonName = 1
  ThisWebClient.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = 1
!  ThisWebClient.SSLCertificateOptions.CertificateFile = clip('web\') & clip('certificates\' & Clip(Glo:CertificateName)) & '.crt'
!message(clip('web') & '\' & clip('certificates\' & Clip(Glo:CertificateName)) & '.crt')
!  ThisWebClient.SSLCertificateOptions.PrivateKeyFile =  clip('web\') & clip('certificates\' & Clip(Glo:CertificateName)) & '.key'   
   
  ThisWebClient.Post(PostURL,PostString)


But I`m allways getting a timeout
Any help please!
Thanks
Alberto

PD: attached goes the client.app



[attachment deleted by admin]

[Bruce]

At a guess all you need to do is set

  PostURL = 'https://xmlpropp.worldspan.com:443'

note the https instead of http.

Cheers
Bruce

[Alberto]

Thanks Bruce,

Its weird, the program only works if Fiddler is running!!!!
If I shut down fiddler I always get a time-out error.

I´ve copied the exe to another computer in the same network (W7) and I get an inmediate "Unable to Open Connection" error

Attached goes the app and exe

Any idea?
Thanks
Alberto

[attachment deleted by admin]

[Alberto]

Here is the problem,

Fiddler2 includes the ability to decrypt, view, and modify HTTPS-secured traffic for debugging purposes.  This feature is disabled by default.
Enable this option by clicking Tools > Fiddler Options > HTTPS and ticking the "Decrypt HTTPS Traffic" box.

When you tick this option fiddler installs a certificate with which it decripts the secure trafic.

I could export this certificate to my desktop and installed it outside fiddler but the app continues failing withot fiddler running.

Where do I set wich certificate to use to decript the secure traffic inside the app?

I´ve tried out all combinations of:
  ThisWebClient.SSLCertificateOptions.CertificateFile = '' !'.\Certificate.crt' !clip('web\') & clip('certificates\' & Clip(Glo:CertificateName)) & '.crt'
  ThisWebClient.SSLCertificateOptions.PrivateKeyFile  = '' !'.\Certificate.key' ! clip('web\') & clip('certificates\' & Clip(Glo:CertificateName)) & '.key'   
  ThisWebClient.SSLCertificateOptions.DontVerifyRemoteCertificateCommonName = 0
  ThisWebClient.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = 0
  ThisWebClient.SSLCertificateOptions.CARootFile = '.\CaRoots.pem'

Using the Certificate.crt, key and CaRoot.pem of the examples and nothing.
If I Use Caroot the error is "SSL failed to load the CA root file"


Please HELP!!!

THanks
Alberto

[Bruce]

try
  ThisWebClient.SSLCertificateOptions.DontVerifyRemoteCertificateCommonName = 1
  ThisWebClient.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = 1
  ThisWebClient.SSLCertificateOptions.CARootFile = '.\CaRoots.pem'

Also - have you copied caroots.pem to the application folder?

cheers
Bruce

[Alberto]

Bruce,
This is exactly what I´m doing but it always times out!
Please, try the app attached.
The code is in the SendTest procedure routine.
You only need to compile it and press the Test button.
With fiddler running it works ok, withot it timesout.
Please, please, I will loose the contract!
Thanks
Alberto

[attachment deleted by admin]

[Bruce]

Hi Alberto,

Unfortunately your example is using iqXML, which I don't have installed on my Clarion 7.
So I've gone back to your first example.

At the moment the https://xmlpropp.worldspan.com/ site appears to be down. I'll try again later.

cheers
Bruce

[Alberto]

Bruce,
Weird, Its up for me now.
You can use the last app, its the same problem.
Thanks

[Bruce]

>> Its weird, the program only works if Fiddler is running!!!!
>> If I shut down fiddler I always get a time-out error.

yes I get the same running it from here.
What's happening is that the server is not closing the connection - so pageReceived is not being triggered. It should triiger on the content-length (which I'll investigate).

In the meantime you should ad the following line after SetAllHeadersDefault;

  ThisWebClient.SetAllHeadersDefault()
  ThisWebClient.ConnectionKeepAlive = 0


>> I´ve copied the exe to another computer in the same network (W7) and I get an inmediate "Unable to Open Connection" error

you didn't copy the necessary SSL DLL's

Cheers
Bruce

[Alberto]

Ok Bruce, its working.

You say I need to have the SSL DLLs, but I dont understand how does it work?
The dlls are not in my project, who is using this dlls?

Thanks
Alberto

[Bruce]

The SSL Dll's are loaded by the NetTalk DLL at runtime, if they are required. They do not get linked into your project.

see http://www.capesoft.com/docs/NetTalk/NetTalk.htm#SSL_DLL_Distribution

Cheers
Bruce