axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kelvin Lin <kelvin_q_...@yahoo.com>
Subject Re: How to create a SSL client to support https
Date Thu, 12 Jul 2007 03:25:05 GMT
Hi Dumindu,

Sorry for reply later.

I have tried both two methods, including configuring pem file in the axis2.xml and specifying
it in the codes. But failed both.

I am not familiar with https protocol and do not know how to pass the certification by codes.

In short, I configure axis2.xml as:

    <transportSender name="https" class="axis2_http_sender">
        <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
    </transportSender>
    <!--<parameter name="SERVER_CERT">E:/Project/VS8/Axis2_prototype/debug/TrustList.pem</parameter>-->
    <!--<parameter name="KEY_FILE">E:\Project\VS8\Axis2_prototype\debug\TrustList.pem</parameter>
    <parameter name="SSL_PASSPHRASE">passphrase</parameter>-->

Then specify pem file in the code as:

    axutil_property_t *ssl_ca_file = axutil_property_create(env);
    axutil_property_set_value(ssl_ca_file, env,
    axutil_strdup(env, "E:/Project/VS8/Axis2_prototype/debug/TrustList.pem"));
    axis2_options_set_property(options, env, "SERVER_CERT", ssl_ca_file);

And I create TrustList.pem file following the manual of Axis2/C:

For testing purposes, you can use the server's certificate instead of the CA certificate.
You can obtain this by running the command openssl s_client -connect <servername>:<port>
and copying the portion of the output bounded by and including:
     
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Get the content of this file is:

-----BEGIN CERTIFICATE-----
MIIB7TCCAVagAwIBAgIEPygs+DANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJV
UzEMMAoGA1UEChMDSUJNMQwwCgYDVQQLEwNTV0cxEDAOBgNVBAMTB2pzZXJ2ZXIw
HhcNMDMwNzMwMjAzOTIwWhcNMjExMDEzMjAzOTIwWjA7MQswCQYDVQQGEwJVUzEM
MAoGA1UEChMDSUJNMQwwCgYDVQQLEwNTV0cxEDAOBgNVBAMTB2pzZXJ2ZXIwgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIQhMysAHrupK8YLnu54xipwbYfJw1ac
xMSNQPphN2ZQEznGNp1E8tONwN4RJ4nCW/5mQRFkErOUJW3ZQKP/gwK37HwKz1+V
OVOlQ9fitArsnEZTeqzdmBLa+vx7B7bZ8bIRPzI0CeWgQiYZZjSCsZz8JcQZxLM6
ob9mKE28VeZvAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAEPCRwEUBxz6+9A5/AoPB
LiYInrowLfY+w3xJyDCie+GneLnirL+1HXRBbNOJYQTCpzN00Cgq2M/LU6tUeeZQ
3gwidiqFUculi2Z+8wd60q8vy6qdJ1kvg9atwMdQV2LFf7TPNccmULD9/LV9h3AV
oBbsFukZAroF0ZvO+/4vrIk=
-----END CERTIFICATE-----

I think I no need Client certificate-key, so I comment it.

By the way, I input the address in the firefox directly, and get
get a certification page.(attached in the attachment).

My colleague once tried to send soap message created by gsoap,
although the message itself is wrong. But he still get some error
message back and in the console of the server, there are some error
messages like I mentioned before.

The key point is whatever I use any method and specify any file both
in the axis2.xml or in the codes, there is no any response, even error
messages.

The attachment is the web page I visit the address directly via firefox.

Thanks a lot.

Kelvin.Lin




Dumindu Pallewela <dumindu@wso2.com> wrote: Hi Kelvin,

Please find my comments inline.

Kelvin Lin wrote:

> Then I commented the explicitly setting property in the program and set 
> them in the axis2.xml like:
>  
>     
>         
HTTP/1.1

>     
>     

> name="SERVER_CERT">E:\Project\VS8\Axis2_prototype\debug\TrustList.pem

>     

> name="KEY_FILE">E:\Project\VS8\Axis2_prototype\debug\TrustList.pem

>     
passphrase

>  
> But it still no any effects.
>  
> How should I do?

I have not used the ssl client in windows lately. But it is *possible* 
that you need to use unix like path separators. eg:



name="SERVER_CERT">E:/Project/VS8/Axis2_prototype/debug/TrustList.pem


I doubt what you have done here... setting the same pem file for both 
the CA Certificate/Server Certificate and the Client certificate-key 
pair is not correct. If you don't need client authentication, only set 
the "SERVER_CERT" parameter.

Could you please explain me the content of the TrustList.pem?

Please let me know the specifics of the ssl authentication that you need 
(with client auth / without client auth?) so that I can give the exact 
config options necessary.

> By the way, in this web page: 
> http://people.apache.org/~dumindu/HowToConfigureSSL.html, I have two 
> suggests,
>  
> 1st, you still use axis2/c v0.96 api, like:
>  
> 
> ssl_ca_file = axis2_property_create(env);  AXIS2_PROPERTY_SET_VALUE(ssl_ca_file, env,
   axis2_strdup("/home/dumindu/dummyCA/demoCA/cacert.pem", env));  AXIS2_OPTIONS_SET_PROPERTY(options,
env, "SERVER_CERT", ssl_ca_file);
> 

Thanks, these should be changed as I've explained in my previous email.   :)

> 2nd, You can find the complete sample code here 
> . There is no link when 
> clicking "here".
>  

oops my bad, will add it there soon.

Thanks,
Dumindu.

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org



       
---------------------------------
Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
Mime
View raw message