POST, SOAP and SSL

[alex.kolaric]

Hi,

I have serious problem with one request I'm trying to send to SOAP server with SSL. Still using Nettalk 5 but I was able to access secure SOAP services with it before. This is the code I use:

LOC:AuthStr    =  'userid:password'
LOC:AuthStrLen = LEN(CLIP(LOC:AuthStr))  

ThisWebClient.SetAllHeadersDefault()
ThisWebClient.ConnectionKeepAlive = 0  
ThisWebClient._HTTPVersion            = 'HTTP/1.0'
ThisWebClient.ContentType       = 'text/xml; charset=utf-8'
ThisWebClient.CanUseProxy       = 0
ThisWebClient.HeaderOnly       = 0
ThisWebClient.Cookie          = ''
ThisWebClient.CustomHeader            = ''
ThisWebClient.Referer          = ''
ThisWebClient.UserAgent         = 'Evision Sourcing'
ThisWebClient.AcceptEncoding            = 'gzip,deflate'
ThisWebClient.Accept_          = ''
ThisWebClient.AcceptLanguage            = ''
ThisWebClient.ContentLength            = len (clip(PostString))
ThisWebClient.Authorization               = 'Basic ' & NetBase64Encode (LOC:AuthStr, LOC:AuthStrLen)   

ThisWebClient.AsyncOpenTimeOut = 1200      
ThisWebClient.InActiveTimeout  = 2000        

ThisWebClient.SSL = 1
ThisWebClient.SSLCertificateOptions.CertificateFile = ''
ThisWebClient.SSLCertificateOptions.PrivateKeyFile = ''
ThisWebClient.SSLCertificateOptions.DontVerifyRemoteCertificateCommonName = 1
ThisWebClient.SSLCertificateOptions.DontVerifyRemoteCertificateWithCARoot = 1
ThisWebClient.SSLCertificateOptions.CARootFile = '.\Ca_Roots.pem'

ThisWebClient.Post(PostURL,PostString)

I'm receiving the following error all the time

Error Code: -53
Error Message: The requested connection could not be opened. The Open command timed out or failed to connect. The error number was -53 which means Open Timeout or Failure error. - [SSL Error = 11]

Passed Message: The requested connection could not be opened. The Open command timed out or failed to connect
Function: NetSimple.TakeEvent

CA_Roots.pem is in the app directory as well as all 4 DLLs needed for SSL. Please help. It is urgent.

Thanks,
Alex

P.S. I'm trying both https://wstest.aviall.com/services/SOAPProcessor and https://wstest.aviall.com/services/SOAPProcessor:443 as post urls but nothing changes

[Bruce]

Morning Alex,

the short answer is that you need to add the following property setting;

ThisWebClient.SSLMethod = NET:SSLMethodTLSv1

The way I came to this conclusion is listed below;

I tried to connect to the site using the NetDemo program. It gave the same error (which is a good thing!).
The first clue was in the DebugView log

[7064] [NetDLL] [2] SSL_Our_ClientOpenTryConnect() : SSL Error calling SSL_connect : SSL_ERROR_SSL [error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number] A failure in the SSL library occurred, usually a protocol error. SSL Error Code Error = 11

A quick check on my "all things SSL post" here
http://www.nettalkcentral.com/index.php?option=com_smf&Itemid=36&topic=1023.0

reminded me how to do an SSLScan of the site;

sslscan --no-failed wstest.aviall.com:443

which in turn replied with

  Supported Server Cipher(s):
    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  TLSv1   56 bits  EDH-RSA-DES-CBC-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1   56 bits  DES-CBC-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5

I tweaked the NetDemo program (7.08)  to allow me to set the SSL Method, tested with the TLSv1 method, and I got a connection.
Of course I don't have the username and password, so I can't go further, but I think you'll do fine from there.

I'm also doing all this in NT7 - but I don't think it'll be any different in NT5.

cheers
Bruce

[alex.kolaric]

Thanks Bruce,

I would never find it myself. I knew you would be able to help me ... as always.

Regards,
Alex

[alex.kolaric]

Bruce,

one more quick question. As I set up SSLMethod property connection error is
gone, I properly send package and receive response from SOAP server. It
indicates that the package is 1554 bytes long but I just get one weird
display character after response header (even though PageLen property of the
web client object is showing the same correct content length).

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Encoding: gzip
Content-Type: text/xml;charset=utf-8
Content-Length: 1554
Date: Wed, 20 Mar 2013 15:43:04 GMT
Connection: close

‹

Do you have any idea why this occurs? Is it related to SSL setting I added
in any way?

Thanks in advance,
Alex

[Bruce]

no, it's not related to the SSL method - if it was SSL related you wouldn't be able to read the HTTP header.

I would say the issue is

Content-Encoding: gzip

meaning that the data has been compressed before it was sent to you.
They're giving it back to you compressed because your original request said

ThisWebClient.AcceptEncoding            = 'gzip,deflate'

You need to decompress it to get the full text.
The reason it's showing truncated like that is probably because your debug tool terminates the string on a Null. (and the second character is a null).

Fortunately StringTheory comes with the ability to compress, and decompress gzipped text. So in NT7 I can add some code to do this automatically.

You're not on C7 yet, so you need to do this manually. Or change the request so you don't accept gzip or deflate responses.

cheers
Bruce

[alex.kolaric]

Thanks Bruce,

You've been very helpful.

Regards,
Alex