URLConnection Class and Windows SSL


Adrian Williamson

Nov 23, 2021, 9:42:55 AM
to openroa...@googlegroups.com

Hi,

I am having a play with the URL Connection class using an HTTPS based API and it is giving me this error when using 11.2 on Windows 10:

SSL peer certificate or SSH remote key was not OK.

So I get that I need to set up the SSL on the client side (Windows 10 in this case).

I see that CURL got upgraded to use the built-in winssl:

https://stackoverflow.com/questions/37551409/configure-curl-to-use-default-system-cert-store-on-windows

But from the Actian documentation:

https://docs.actian.com/openroad/11.2/index.html#page/LangRef%2FUrlConnection_Class.htm%23

I see that this implementation is based on

https://curl.se/libcurl/

Which makes me a little nervous.

If I look at the SSL options:

https://curl.se/libcurl/c/CURLOPT_SSL_OPTIONS.html

I can see CURLSSLOPT_AUTO_CLIENT_CERT and CURLSSLOPT_NATIVE_CA

But these are not listed in the Actian docs:

https://docs.actian.com/openroad/11.2/index.html#page/LangRef%2FUrlConnection__22option_22_Settings.htm%23ww510293

What do I need to do to get this to work with SSL?

Do I need to go down the CACERT route and get a PEM file to point at using CURLOPT_CAINFO for instance?

Thanks

Adrian

Bodo Bergmann

Nov 23, 2021, 11:24:15 AM
to openroa...@googlegroups.com

Hi Adrian,

OpenROAD’s UrlConnection class has been built with OpenSSL, so any options for Schannel (the native Windows SSL library) will not work.

We have not created OpenROAD constants for all the (hundreds of) curl constants
(we did it for the constants used in the “option” parameter of the SetOption() method and the “info” parameter of the GetInfo() method),
therefore you don’t see CURLSSLOPT_NATIVE_CA in the documentation.

But you can obtain the value from the curl header file: https://github.com/curl/curl/blob/master/include/curl/curl.h, where you have:

#define CURLSSLOPT_NATIVE_CA (1<<4)

And using your friend “calc”, you can see that 1<<4 is a decimal (integer) value of 16, so you could try this in your OpenROAD program:

urlc.SetOption(option=CURLOPT_SSL_OPTIONS, value=16);

If you want several “bits” set by the CURLOPT_SSL_OPTIONS option, then just add their values.

I have to admit that I did not test all the (possible combinations of) options.

HTH.

Regards,

Bodo.

Bodo Bergmann
Engineering Architect
Actian | OpenROAD Engineering
www.actian.com
COMPANY DETAILS: Actian Germany GmbH | Registered office: Halenreie 42, 22359 Hamburg | Managing directors: Stephen Padgett, Marc Monahan | Commercial register: Amtsgericht Hamburg | HRB 135991 | VAT ID: DE252449897
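
Added example, not part of the thread and not Actian or curl project code: because OpenROAD has no named constants for the CURLOPT_SSL_OPTIONS bits, this C helper builds the integer for the "value" parameter from the curl.h names and decodes an integer found in existing code. The function names and the "relaxes" annotation are assumptions of this example; the table covers the bits up to 1<<5, and newer curl headers may define more.

```c
#include <stdio.h>
#include <string.h>
/* Bit values as in curl.h; "relaxes" (1 = turns a safeguard off) is this example's note. */
struct sslopt { const char *name; long bit; int relaxes; };
static const struct sslopt SSLOPTS[] = {
    { "CURLSSLOPT_ALLOW_BEAST",        1L << 0, 1 },
    { "CURLSSLOPT_NO_REVOKE",          1L << 1, 1 },
    { "CURLSSLOPT_NO_PARTIALCHAIN",    1L << 2, 0 },
    { "CURLSSLOPT_REVOKE_BEST_EFFORT", 1L << 3, 1 },
    { "CURLSSLOPT_NATIVE_CA",          1L << 4, 0 },
    { "CURLSSLOPT_AUTO_CLIENT_CERT",   1L << 5, 0 },
};
#define NOPTS (sizeof SSLOPTS / sizeof SSLOPTS[0])

/* Names -> integer for the "value" parameter; returns -1 on an unknown name. */
long sslopt_combine(const char **names, size_t n)
{
    long value = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < NOPTS && strcmp(names[i], SSLOPTS[j].name) != 0) j++;
        if (j == NOPTS) return -1;
        value |= SSLOPTS[j].bit;  /* OR: a repeated name is not counted twice */
    }
    return value;
}

/* Integer -> "A|B" in buf; returns count of relaxing bits, -1 on an unknown bit. */
int sslopt_audit(long value, char *buf, size_t len)
{
    long known = 0;
    int relaxed = 0;
    buf[0] = '\0';                 /* caller must pass len >= 1 */
    for (size_t j = 0; j < NOPTS; j++) {
        known |= SSLOPTS[j].bit;
        if (!(value & SSLOPTS[j].bit)) continue;
        if (buf[0]) strncat(buf, "|", len - strlen(buf) - 1);
        strncat(buf, SSLOPTS[j].name, len - strlen(buf) - 1);
        relaxed += SSLOPTS[j].relaxes;
    }
    return (value & ~known) ? -1 : relaxed;
}

int main(void)
{
    char buf[128];
    printf("relaxing bits in 18: %d\n", sslopt_audit(16 | 2, buf, sizeof buf));
    puts(buf);
    return 0;
}
```

Whether the OpenSSL-based OpenROAD build honours a given bit is not something this helper can tell; it only translates between names and integers.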


Adrian Williamson

Nov 23, 2021, 11:42:46 AM
to openroa...@googlegroups.com

Hi Bodo,

That’s fine, that nudges me in the PEM direction.

I did use CURLOPT_SSL_VERIFYPEER, value = false as hinted at here:

https://curl.se/docs/sslcerts.html

and the API gave me an application error back (return for the perform was ER_OK):

{"error":"Invalid Token","detail":"Please make sure that you are using the correct token."}

I’m going to ask the API owners what that is about.

Cheers

Adrian

PS Is there a hidden environment variable that will cause the curl library to be verbose into the trace window?

Bodo Bergmann

Nov 23, 2021, 1:31:38 PM
to openroa...@googlegroups.com

Hi Adrian,

For the “verbose” question:
There is no hidden environment variable, but you can set the
CURLOPT_VERBOSE option to TRUE,
which causes verbose information about the transfer to be written to the stderr stream during Perform().
Example:

urlc = UrlConnection;
… // Do your other SetOption() method invocations
urlc.SetOption(option = CURLOPT_VERBOSE, value = TRUE);
urlc.Perform();

On Unix the stderr stream is printed on the command line where you started your OpenROAD program from (unless you redirected it).
On Windows you will have to redirect stderr to a file, e.g.:
w4glrun my.img 2>stderr.log

Cheers,
Bodo.

a...@rationalcommerce.com

Nov 23, 2021, 3:03:15 PM
to Bodo Bergmann, openroa...@googlegroups.com
Thanks Bodo.

The issue with the error was my fault.

Forgot to increment an index.

Cheers

Adrian


Adrian Williamson

Nov 24, 2021, 3:27:58 AM
to openroa...@googlegroups.com

Hi,

For the SSL solution, I downloaded the Mozilla CA certification store in PEM format from here:

https://curl.se/docs/caextract.html

You can get it from Mozilla as well, but I found that link first.

I then set the CURLOPT_CAINFO value:

urlc.SetOption(option = CURLOPT_CAINFO, value = 'C:\temp\cacert\cacert.pem');

Which then exposed my ropey indexing issue.

Cheers

Adrian
