301 Moved Permanently

[sbehera]

Scott,
we have constraint not to upgrade OS at this point because of implication to other application in same system. UPS needing TLS 1.2 so there has to be way not to use TLS1.3? Initializing myTLSV13 to *off in https_init was giving same error "Support for TLS 1.3 unavailable" so i commented following line of COMMSSLR4. "Support for TLS 1.3 unavailable" error is no more there but end up same error key database file was not found.

Not sure if issue is still to do with TLS1.3 but thinking if there some thing in wkEnvh while doing "eval rc = gsk_environment_init(wkEnvh)" that can be changed to avoid this issue?

Error:
TLS version 1.2 support enabled
initializing GSK environment
(GSKit) Key database file was not found.
(GSKit) Key database file was not found.
ssl_error(202): (GSKit) Key database file was not found.
SetError() #24: gsk_env_init: (GSKit) Key database file was not found.

Commented lines of COMMSSLR4:
1605.00 C* if TLS_set_version( peHandle
1606.00 C* : GSK_PROTOCOL_TLSV13
1607.00 c* : peTLSv13 ) = *OFF
1608.00 c* return *OFF
1609.00 c* endif

[Scott Klement]

You don't understand. You CANNOT use TLS 1.3. You don't need to do anything to prevent it from using it, it won't use it. The message that says "Support for TLS 1.3 unavailable." is NOT an error, it is just an informational message. It will NOT stop HTTPAPI from working. It's just to let you know that you can't use TLS 1.3.

The error is this:

Code: Select all

SetError() #24: gsk_env_init: (GSKit) Key database file was not found.

That has NOTHING to do with whether TLS 1.3 is available or not. It is completely unrelated to TLS 1.3.

That error is that the key database is not found. This is also known as the *SYSTEM certificate store. You need to create it in the Digital Certificate Manager, as I said when you first posted this.

1) Log into the Digital Certificate Manager.
2) Click "Create new certificate store"
3) Tell it to create the *SYSTEM certificate store.
4) Assign a password to the *SYSTEM certificate store. Write this down and store it in a safe place, you'll need it any time you make changes to SSL/TLS on your system.

Brad Stone has a nice write-up on how to create the *SYSTEM certificate store here:
https://docs.bvstools.com/home/ssl-docu ... stem-store

[sbehera]

Scott, thank you very much for your help. I was thinking Certificate store should be already there but now understand it was not. Did create and now moved one step forward but now issue is "No compatible cipher suite". Do not understand what does this mean... but reading

https://archive.midrange.com/midrange-l ... 00451.html
Below are my notes, disabling SSLv2, SSLv3, TLSV1.
IBM has released two PTFs to resolve SSL client issues, MF60335, SI57332

These 2 PTF might take care of this issue which i am in process, unless you have some other suggestion/option.....

Log:
initializing GSK environment
GSK Environment now available
--------------------------------------------------------------------------------
Dump of local-side certificate information:
--------------------------------------------------------------------------------
Nagle's algorithm (TCP_NODELAY) disabled.
Nagle's algorithm (TCP_NODELAY) disabled.
SNI hostname set to: wwwcie.ups.com
(GSKit) No compatible cipher suite available between SSL end points.
ssl_error(402): (GSKit) No compatible cipher suite available between SSL end points.
SetError() #30: SSL Handshake: (GSKit) No compatible cipher suite available betwween SSL end poin

[Scott Klement]

From my earlier post:

V7R1 only supports a few ciphers on TLS 1.1 or 1.2, which was a common source of frustration for people back when people still used V7R1. (Now you no longer hear this complaint, as nobody uses V7R1 anymore.)

[sbehera]

Hi Scott,
looking into list of Ciphers UPS supports i do not have any of those causing issue. However my purpose is to connect to USPS but was trying with UPS because you have example code provided and it will be easy to validate if my system meets requirement to make API calls.

Taking UPS tracking example have done small change to use for USPS delivery confirmation. According to log, i am able to send XML request and getting response back. Attached error log, is the error returned from USPS because my XML request is not right or issue in translating response?

USPS documentation:
2.2.1 Sample Request
Request: Package Track
<TrackRequest USERID="XXXXXXXXXXXX">
<TrackID ID="XXXXXXXXXXX1"></TrackID>
<TrackID ID="XXXXXXXXXXX2"></TrackID>
</TrackRequest>


Log:
POST /ShippingAPI.dll?%20%20%20%20%20%20%20%20%20API=TrackV2 HTTP/1.1
Host: secure.shippingapis.com
User-Agent: http-api/1.43
Content-Type: text/xml
Content-Length: 94
senddoc(): entered
<TrackRequest USERID=XXXXXXXX><TrackID ID=9400111899561509991377></TrackID></TrackRequest>
recvresp(): entered
HTTP/1.0 200 OK
X-Backside-Transport: OK OK
Host: XXXXXXXXX
User-Agent: http-api/1.43
Content-Type: text/xml
CLIENT-IP:XXXXXXX
Via: 1.1 ApplicationError_XML_Firewall
X-Client-IP: XXXXXXX,XXXXXXXX
X-Global-Transaction-ID: 8ac205fb614225ce45ed5993
X-Archived-Client-IP: XXXXXXXX
Date: Wed, 15 Sep 2021 16:56:46 GMT
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Content-Length: 212
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-FRAME-OPTIONS: SAMEORIGIN
SetError() #13: HTTP/1.0 200 OK
recvresp(): end with 200
recvdoc parms: identity 212
header_load_cookies() entered
recvdoc(): entered
SetError() #0:
recvdoc(): Receiving 212 bytes.
<?xml version="1.0" encoding="UTF-8"?> <Error><Number>80040B19</Number><Description>XML Syntax Error: Please check the XML request to see if it can be parsed.</Description><Source>USPSCOM::DoAuth</Source></Error>
http_close(): entered

[Scott Klement]

Hello,

I'm not a USPS employee, and am not familiar with how their APIs work. (Also, I haven't used the UPS one in about 9 years, at a previous employer.)

If you want me to take a wild guess, I'd say your XML isn't valid. This is what the example shows:

Code: Select all

<TrackRequest USERID="XXXXXXXXXXXX">
<TrackID ID="XXXXXXXXXXX1"></TrackID>
<TrackID ID="XXXXXXXXXXX2"></TrackID>
</TrackRequest>

Notice that all of the XML attributes are specified with double quotes around them. It's USERID="XXXX", not USERID=XXXX. Likewise, ID="XXXXX", not ID=XXXXX.

However, this is what you are sending:

Code: Select all

<TrackRequest USERID=XXXXXXXX><TrackID ID=9400111899561509991377></TrackID></TrackRequest>

Notice that your USERID= and ID= are missing the quote marks. XML documents always require quotes on attributes, so I don't think this XML document will ever work.

Also, I see your URL has this in it %20%20%20%20%20%20%20%20%20 -- Are you sure the USPS site is expecting that? That looks like an RPG bug where you forgot to trim blanks out of part of the URL field.

[sbehera]

Hello Scott,
corrected items you mentioned but still same error, as you can see in log....Also trying to reach USPS....

Also how to capture the error USPS returning into my program?
Is Call to http_url_post_xml return data to data structure activity and each element of array contains one response record? When error happens(like in this case) or the response is some information (ex. "A status update is not yet available on your Priority Mail Express") how to make this available into my program?

When calling http_url_post_xml, is there full control of all the response comming back and how to do?

Log:
POST /ShippingAPI.dll?API=TrackV2 HTTP/1.1
Host: secure.shippingapis.com
User-Agent: http-api/1.43
Content-Type: text/xml
Content-Length: 98
senddoc(): entered
<TrackRequest USERID="xxxxxxx"><TrackID ID="9400111899561509991377"></TrackID></TrackRequest>
recvresp(): entered
HTTP/1.0 200 OK
SetError() #13: HTTP/1.0 200 OK
recvresp(): end with 200
recvdoc parms: identity 212
header_load_cookies() entered
recvdoc(): entered
SetError() #0:
recvdoc(): Receiving 212 bytes.
<?xml version="1.0" encoding="UTF-8"?> <Error><Number>80040B19</Number><Description>XML Syntax Error: Please check the XML request to see if it can be parsed.</Description><Source>USPSCOM::DoAuth</Source></Error>
http_close(): entered

[Scott Klement]

corrected items you mentioned but still same error, as you can see in log....Also trying to reach USPS....

I don't know what the problem is, here. You'll need to get USPS to explain what else is needed in the XML document -- I do not use their API or know what they require.

Also how to capture the error USPS returning into my program?

HTTPAPI will return the response exactly the same way for an error as it does for success. In this case, it is returning this document to your program:

Code: Select all

<?xml version="1.0" encoding="UTF-8"?> <Error><Number>80040B19</Number><Description>XML Syntax Error: Please check the XML request to see if it can be parsed.</Description><Source>USPSCOM::DoAuth</Source></Error>

Your program needs to parse that XML document and get the error message from it, and then do whatever it needs to do with errors.

Is Call to http_url_post_xml return data to data structure activity and each element of array contains one response record? When error happens(like in this case) or the response is some information (ex. "A status update is not yet available on your Priority Mail Express") how to make this available into my program?

Sorry, I don't understand what you mean by "data structure activity".

The old http_url_post_xml() routine returns XML to a callback routine. Most people don't use that routine anymore, they just return a string and parse it with XML-INTO or DATA-INTO.

When calling http_url_post_xml, is there full control of all the response comming back and how to do?

It returns the response to your program. Your program needs to utilize it. Is that what you mean by "full control"?

[sbehera]

Hello Scott,
looking into code, call to http_url_post_xml supposed to return a string of data into activity data structure which in turn broken into 100 records and each record is broken down to different field....

0071.00 d activity ds qualified
0072.00 d array dim(100)
0073.00 d Date 8A overlay(array)
0074.00 d Time 6A overlay(array:*next)
....
Also call to http_url_post_xml return number of record (counter) to variable "act" which in turn used to read each row inside for loop..
0134.00 for RRN = 1 to act;

In case of error also act should have value greater then 0 with first element of array variable containing error message? Doing debug, do see act is 0 after http_url_post_xml call and also no element of array has any data causing nothing to display in subfile when there is error. In dubug log i see error message but how to read this inside program? What variable gets this error message?

Is not call to http_url_post_xml parses xml, removes XML tags and return pure data into variable activity? If that is the case(if no XML tags available to caller program) how to distinguish between error and actual returned data?I had taken option to compile eXpat at the time of installation and do see EXPAT service program in libhttp. Is this the XML translator?

In your last response
("The old http_url_post_xml() routine returns XML to a callback routine. Most people don't use that routine anymore, they just return a string and parse it with XML-INTO or DATA-INTO.") i do not understand what you mean by ....

[sbehera]

Scott,
now looks like i got hold of concept of this package. I did not realize 2 procedure StartOfElement and EndOfElement is to control/manage the responses back. Yes i am able to capture the error and use the way i want. Now the part to handle actual response from USPS ( i mean the delivery confirmation data) which i do not think there will be issue for me to handle. Just working with USPS the reason why their system complaining that they are not able to parse the XML i am sending but should be figured out soon.

Thanks you very much.......