Hi Scott,
I have found this code in the COMMSSLR4 source file (HTTPAPI):
c* If peAppId begins with a slash the assume it is the name of the
keyring file
cif%subst(peAppId:1:1) = ‘/‘
cevalrc = gsk_attribute_set_buffer(
cwkEnvh: GSK_KEYRING_FILE:
cpeAppId: %len(%trim(peAppId)))
cifrc <> GSK_OK
ccallpSetError(HTTP_GSKKEYF: ‘Attempt to use ‘ +
c%trim(peAppId) + ‘ cert store: ‘ +
cssl_error(rc))
ccallphttps_cleanup
creturn-1
cendif
cendif
I have been looking for information about GSKit, and I found this:
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/apis/gsk_attribute_get_buffer.htm
In that website, is explained the use of gsk_attribute_get_buffer…
GSK_KEYRING_FILEWe can send with https_init(‘/XXXXX’) the name of the
keyring file, because it is developed in COMMSSLR4.
GSK_KEYRING_PWDPassword for the certificate store. NOT developed.
GSK_KEYRING_LABELCertificate label in the certificate store. NOT
developed.
I think that if the COMMSSLR4 is changed including this last two
options, I will be able to connect indicating the certificate I need,
and the password of the certificate store.
For example this way: (is only an example…).
cif%subst(peAppId:1:1) = ‘#‘
cevalrc = gsk_attribute_set_buffer(
cwkEnvh: GSK_KEYRING_PWD:
c%subst(peAppId:2:(%len(%trim(peAppId))-1):
c%len(%trim(peAppId)-1)
cifrc <> GSK_OK
ccallpSetError(’SOME ERROR')
ccallphttps_cleanup
creturn-1
cendif
cendif
cif%subst(peAppId:1:1) = ‘@‘
cevalrc = gsk_attribute_set_buffer(
cwkEnvh: GSK_KEYRING_LABEL:
c%subst(peAppId:2:(%len(%trim(peAppId))-1):
c%len(%trim(peAppId)-1)
cifrc <> GSK_OK
ccallpSetError(’SOME ERROR')
ccallphttps_cleanup
creturn-1
cendif
cendif
Is possible that it works well?
Christian.
El 6 mar 2017, a las 11:43, Scott Klement <sk@xxxxxxxxxxxxxxxx
<mailto:sk@xxxxxxxxxxxxxxxx>> escribió:
Hi Christian,
Unfortunately, I have not used a certificate store besides *SYSTEM,
so I do not know exactly what is involved.
It is important to understand that HTTPAPI does not provide it's own
SSL/TLS code -- it uses the operating system's code. So if the
operating system is capable of what you're describing, it should work
with HTTPAPI. The tricky part is to find out how to do it with the
operating system!
Internally, we use IBM-supplied Global Secure Toolkit ("gskit" for
short.)
If you can tell me how to access your certificate using the gskit
API, I'd be glad to explain how it can be used from HTTPAPI. Or, if
necessary, I can make modifications to HTTPAPI to make it possible.
-SK
On 3/4/2017 12:42 PM, larsenvalverde@xxxxxxxxx
<mailto:larsenvalverde@xxxxxxxxx> wrote:
Hello.
I’m using the WDSL2RPG and HTTPAPI to connect to a webservice, but I
have a problem. I need to use a digital certificate, and, for
security reasons, it cannot be on *SYSTEM certificate store.
I know I can do this:
https_init(‘/ANOTHER_CERTIFICATE_STORE’:*ON:*ON:….)
But I don’t know how to tell httpapi what certificate I need to
use… and the password needed to use it.
Can anyone explain me how to do it, if it is possible?
Thanks in advance.
Christian.
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx <mailto:Ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
http://scottklement.com/mailman/listinfo/ftpapi
--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx <mailto:Ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
http://scottklement.com/mailman/listinfo/ftpapi