
Re: SSL Handshake: (GSKit) An error occurred during SSL



hi John,

Just so that we are all on the same page...  the information from the 
debug file tells me that HTTPAPI was calling this API (part of OS/400):

    gsk_secure_soc_init()

And the error code the API is returning is:

    GSK_INTERNAL_ERROR

This is also known as CPDBCB9 from msgf QCPFMSG

The API itself and its error codes are documented in the Information 
Center here (this is the V5R3 version, because that appears to be what 
you are running):

http://publib.boulder.ibm.com/infocenter/iseries/v5r3/topic/apis/gsk_secure_soc_init.htm

Unfortunately, the only thing this documentation seems to say is that 
something is wrong internally inside the SSL routines of OS/400.  It 
doesn't provide more information. There may be more information in your 
job log -- have you looked there?

Aside from that, I'd guess that something got messed up in your Digital 
Certificate Manager.  I don't know what else to suggest, except calling 
IBM for help.


On 5/27/2010 9:21 AM, JHill@xxxxxxxxxxxx wrote:
>
>     Kevin,
>
>
>
>     Thanks for the reply. I have already done that. I even imported the
>     intermediate certificate, and I still have the same problem. I have
>     also tested against our website which has a certificate signed by
>     Thawte and still are having the same problem.
>
>
>
>     Here is the information from the debug file.
>
>     Thanks,
>     John Hill
>
>
>
>
>
>
>
>
>
>     HTTPAPI Ver 1.23 released 2008-04-24
>
>     OS/400 Ver V5R3M0
>
>     New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819.
>     ProtLoc=0
>
>     https_init(): entered
>
>     ----------------------------------------------------------------------
>     ---------------
>
>     Dump of local-side certificate information:
>
>     ----------------------------------------------------------------------
>     ---------------
>
>     Serial Number: 4A:57:46:85:01:25:68
>
>     Common Name: CFSafety System Cert
>
>     Country: US
>
>     State/Province: Ohio
>
>     Locality: Cuyahoga Falls
>
>     Org Unit: Information Services
>
>     Issuer CN: CFSafety
>
>     Issuer Country: US
>
>     Issuer State/Province: Ohio
>
>     Issuer Locality: Cuyahoga Falls
>
>     Issuer Org: Information Services
>
>     Version: 03
>
>     not before: 20090709094749
>
>     not after: 20100710094749
>
>     pub key alg: 1.2.840.113549.1.1.4
>
>     http_url_get(): entered
>
>     http_persist_open(): entered
>
>     http_long_ParseURL(): entered
>
>     DNS resolver retrans: 2
>
>     DNS resolver retry : 2
>
>     DNS resolver options: x'00000136'
>
>     DNS default domain: CITYOFCF.com
>
>     DNS server found: 208.67.222.222
>
>     DNS server found: 208.67.220.220
>
>     (GSKit) An error occurred during SSL processing that was not expected.
>
>     ssl_error(3): (GSKit) An error occurred during SSL processing that was
>     not expected.
>
>     SetError() #30: SSL Handshake: (GSKit) An error occurred during SSL
>     processing that was not expe
>
>     ----------------------------------------------------------------------
>     ---------------
>
>     Dump of server-side certificate information:
>
>     ----------------------------------------------------------------------
>     ---------------
>
>     Cert Validation Code = 0
>
>
>
>     -----ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx wrote: -----
>
>       To: "HTTPAPI and FTPAPI Projects"<ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
>       From: "Kevin Bucknum"<Kevin@xxxxxxxxxxxxxxxxxxx>
>       Sent by: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
>       Date: 05/26/2010 04:57PM
>       Subject: RE:
>       Unless you have that root cert loaded on your machine, you need to
>       go
>       download it from Go Daddy's site and install it. By default IBM
>       doesn't
>       load that one. We have put in a request for them to add a few of
>       the
>       more common cert providers, but haven't seen any movement on it
>       yet.
>       -----Original Message-----
>       From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
>       [[1]mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of
>       JHill@xxxxxxxxxxxx
>       Sent: Wednesday, May 26, 2010 2:48 PM
>       To: ftpapi@xxxxxxxxxxxxxxxxxxxxxx
>       Subject:
>         Hello everyone,
>         I'm brand new to this list so go easy. We are using HTTP API
>       v1.23
>       for
>         about a year now to post data to a web service. Last week the web
>         service changed their SSL cert to a cert signed by "Go Daddy
>       Class 2
>         CA" with a 2048 bit public key. Now we get an error message of
>       "SSL
>         Handshake: (GSKit) An error occurred during SSL" with a return
>       code
>       of
>         -1. Does anyone have any insight?
>         Thanks,
>         John Hill
>       Kevin Bucknum
>       Senior Programmer Analyst
>       MEDDATA/MEDTRON
>       Tel: 985-893-2550
>       -------------------------------------------------------------------
>       ----
>       This is the FTPAPI mailing list.  To unsubscribe, please go to:
>       [2]http://www.scottklement.com/mailman/listinfo/ftpapi
>       -------------------------------------------------------------------
>       ----
>
> References
>
>     1. mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
>     2. http://www.scottklement.com/mailman/listinfo/ftpapi
>     3. http://www.scottklement.com/mailman/listinfo/ftpapi
>
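
A small triage script for a debug file like the one quoted in this thread, added here as an example (it is not part of the original messages or of HTTPAPI). The sample log is constructed from lines shown above, and the function names and finding wording are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample, shaped like the HTTPAPI debug file quoted in this thread.
SAMPLE_LOG = """\
>     Dump of local-side certificate information:
>     Common Name: CFSafety System Cert
>     not after: 20100710094749
>     pub key alg: 1.2.840.113549.1.1.4
>     (GSKit) An error occurred during SSL processing that was not expected.
>     Dump of server-side certificate information:
>     Cert Validation Code = 0
"""

# Well-known PKCS #1 signature-algorithm OIDs.
SIG_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
SECTION = re.compile(r"Dump of (local|server)-side certificate information")
FIELD = re.compile(r"^([A-Za-z][\w /.]*?)\s*[:=]\s*(.+)$")

def parse(log_text):
    """Split the log into per-section field dicts plus GSKit error lines."""
    sections, errors, current = {}, [], None
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").strip()      # tolerate mail-quoted logs
        if m := SECTION.search(line):
            current = sections.setdefault(m.group(1), {})
        elif "(GSKit)" in line:
            errors.append(line)
        elif current is not None and (f := FIELD.match(line)):
            current[f.group(1).lower()] = f.group(2)
    return sections, errors

def triage(log_text, now):
    """Return human-readable findings (hypothetical wording) for one log."""
    sections, errors = parse(log_text)
    local, server = sections.get("local", {}), sections.get("server", {})
    found = []
    alg = SIG_OIDS.get(local.get("pub key alg", ""), "")
    if alg.startswith(("md5", "sha1")):
        found.append(f"local certificate uses {alg}")
    if "not after" in local and \
            datetime.strptime(local["not after"], "%Y%m%d%H%M%S") < now:
        found.append("local certificate expired")
    if errors and not set(server) - {"cert validation code"}:
        found.append("GSKit error logged; no server certificate fields dumped")
    return found
```

Calling `triage(SAMPLE_LOG, datetime.now())` on a saved debug file gives a short list of things to check in Digital Certificate Manager before escalating.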
