| View previous topic :: View next topic |
| Author |
Message |
jim.dillon@sentry.com
Beginner
Joined: 28 Aug 2020
Posts: 9
Topics: 4
|
 Posted: Fri Mar 12, 2021 10:59 am Post subject: HTTP/HTTPS Callable services |
 |
|
I'm trying to convert REXX calls to IP sockets to HTTP/HTTPS services as documented in z/OS MVS Callable Services for HLL. Per the sample code found in SYS1.SAMPLIB(HWTHXRX1), I:
1. Call HTTP_getToolkitConstants
2. Call HTTP_init
3. Call HTTP_setupConnection
4. Call HTTP_connect
I constantly die here with the message
| Code: |
"ATTLS detection OK: s=0 pol=NO_POLICY". In the HTTP_setupConnection routine I:
- Set verbose
- set my connection handle 'https://seer.sentry.com"
- set the port to 443
- have tried setting HWTH_OPT_USE_SSL to HWTH_SSL_USE
- have tried using HWTH_OPT_SSLKEYTYPE, HWTH_OPT_SSLKEY and
HWTH_OPT_SSLCLIENTAUTHLABEL with no luck
- I created a policy specifically for this environment:
#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌
#‌ SEER/OpsGenie Statements #‌
#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌
TTLSEnvironmentAction SEEREnvironment
{
HandshakeRole ServerWithClientAuth
TTLSEnvironmentAdvancedParms
{
TLSv1.2 On
ClientAuthType SAFCheck
}
TTLSKeyRingParms
{
Keyring NVEXEC/NETVIEW.RING
}
}
TTLSGroupAction SEERAction
{
TTLSEnabled On
Trace 0
}
- - - - - - - - - - - - - - - - - - - - - -
#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌
#‌ SEER/OpsGenie Agent Rules
#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌#‌
TTLSRule SEERRule
{
LocalPortRange 443
Direction Both
RemoteAddr 10.81.5.151
Userid NVEXEC
TTLSGroupActionRef SEERAction
TTLSEnvironmentActionRef SEEREnvironment
}
|
None of this has worked.
Does anyone have some ideas that I can try? |
|
| Back to top |
|
 |
kolusu
Site Admin
Joined: 26 Nov 2002
Posts: 12375
Topics: 75
Location: San Jose
|
| Posted: Fri Mar 12, 2021 11:22 am Post subject: |
|
|
jim.dillon@sentry.com,
Did you check if the KEYRING location is correct? It points to "NVEXEC/NETVIEW.RING"
Also can you post the error messages?
_________________
Kolusu
www.linkedin.com/in/kolusu |
|
| Back to top |
|
|
jim.dillon@sentry.com
Beginner
Joined: 28 Aug 2020
Posts: 9
Topics: 4
|
| Posted: Mon Mar 15, 2021 2:02 pm Post subject: |
|
|
Kolusu,
Hi. Thanks for your response. The ID I want is 'NVEXEC' and the ring I want to use is 'NETVIEW.RING'. I have coded an entry like this on the advice of a vendor and it appears to be working.
I searched the web and found an posting from New ERA Software and it mentioned some maintenance to this toolkit. This maintenance provided a new setting to specify some Cypher Suites which allowed me to make a connection. However, all settings are strictly in the code I am using and does
I am making progress! Thanks for your reply! |
|
| Back to top |
|
|
jim.dillon@sentry.com
Beginner
Joined: 28 Aug 2020
Posts: 9
Topics: 4
|
| Posted: Wed Mar 31, 2021 3:36 pm Post subject: |
|
|
| I have figured things out. These tools as listed in chapter 21 of manual z/OS MVS Callable Services for HLL, 'The z/OS HTTP/HTTPS protocol enabler' do not interface with the TCP policy agent as I as led to believe. All access and permissions must be set up using these tools using "HWTH_OPT_USE_SSL" and others. |
|
| Back to top |
|
|
|
|
|
FAQ
Search
Quick Manuals
Register
Profile
Log in to check your private messages
Log in
