Avoiding SSL-Verification

[Wolfgang Schölmberger]

Hi everybody,

OE11.7.2, Win 8.1

i'm trying to avoid SSL-verification with the following code, but it doesn't seem to work, i still keep geting Error 9318.

USING OpenEdge.Net.HTTP.RequestBuilder.
USING OpenEdge.Net.HTTP.IHttpRequest.
USING OpenEdge.Net.HTTP.IHttpResponse.
USING OpenEdge.Net.HTTP.ClientBuilder.
USING OpenEdge.Net.HTTP.IHttpClientLibrary.
USING OpenEdge.Net.HTTP.Lib.ClientLibraryBuilder. 

DEFINE VARIABLE oLib            AS OpenEdge.Net.HTTP.IHttpClientLibrary NO-UNDO.
DEFINE VARIABLE oHttpClient     AS OpenEdge.Net.HTTP.IHttpClient        NO-UNDO.
DEFINE VARIABLE oRequest        AS OpenEdge.Net.HTTP.IHttpRequest       NO-UNDO.
DEFINE VARIABLE oResponse       AS OpenEdge.Net.HTTP.IHttpResponse      NO-UNDO.

ASSIGN
     oLib        = ClientLibraryBuilder:Build():sslVerifyHost(NO):library
     oHttpClient = ClientBuilder:Build():UsingLibrary(oLib):Client
/*   oRequest    = RequestBuilder:Get("https://datapadmo.it-park.at/api/task/xp_AppGetTask.xsp?u=connect/immoware&p=28immoware05!&anr=123456"):Request*/
     oRequest    = RequestBuilder:Get("DataPad"):Request
.
MESSAGE "OK until now" VIEW-AS ALERT-BOX INFO BUTTONS OK.
ASSIGN
     oResponse   = oHttpClient:Execute(oRequest)
.
MESSAGE "DONE !" VIEW-AS ALERT-BOX INFO BUTTONS OK.

What am I doing wrong ?

TIA, Wolf

 

[Cringer]

What is error 9318?

 

[Rob Fitzpatrick]

From ProKB:

Secure Socket Layer (SSL) failure. error code <err_number>: <ssl_error_message> (9318)

An error occurred processing an SSL API request. This could be
a general TCP network error or an error processing the validation
of the digital certificate.

 

[Wolfgang Schölmberger]

9318: Secure Socket Layer (SSL) unsucessfull - unable to get local issuer certificate for .......

I have no SSL-certificate and the administrator of the website I want to access claimes that I don't need any.
So I hoped by using...

oLib = ClientLibraryBuilder:Build():sslVerifyHost(NO):library

...I would be able to bypass the SSL-verification, thus avoiding error 9318, but I still get it. So sslVerifyHost(NO) seem to have no effect or I'm doing something wrong

 

[RealHeavyDude]

As fas as I know, the no host verify still needs the root certificate but it does not verify the host name in the ssl server certificate presented to the client. Without no host verify, when you visit for example www.amazon.com the host name in the ssl server certificat must match the domain name in the URL otherwise an SSL handshake error will occur.

If the admin of the server you are calling states that you don't need the root certificate than he or she surely does not know anything about SSL. But, if they are using a well-known certificate authority then you should be able to get it easily. The web browser downloads SSL root certificates from the certificate authority which are not included out-of-the-box automatically in the background when you first visit web site signed by such a certificate authority. Progress OpenEdge does not - so you must manually import it into the certificate store of the OpenEdge installation.

If you know which certificate authority signed their certificate then you can easily download it from the web site of the certificate authority and import it into the OpenEdge certificate store.

Hope that helps.

 

[RealHeavyDude]

Forgot to add: The Google Chrome and M$ browsers like Edge and IE use the Windows certificate store ( Mozilla FireFox uses its own ). Via the MMC (Microsoft Management Console) you can also export root certificates from the Windows certificate store and import them into the Progress OpenEdge certificate store.

 

[Wolfgang Schölmberger]

Thanks RHD: I did what you proposed and installed the root-certificate. Now the error is gone.

...but my problem is far away from beeing solved: I don't get the expected answer from the website.
But as this has nothing to do with SSL-verification (hopefully), I close this thread as 'answered' and start a new one, hoping that you will comment on this as well

Thanks, Wolf