OpenEdge Progress 10.1B Posting to SHA1 Website

Posted by Gregory Robertson on 30-Sep-2015 18:37

Hello everyone,

I have a legacy system that is built on Progress 10.1B. We are in the process of converting out of this system and do not have support. In the very near future PayFlowPro is upgrading their web security to SHA2 encryption and Progress 10.1B cannot post to SHA2, from what I have read.

I am in a bind as I need to process payments for a bit longer. The ecommerce sites are fine, but the Progress client cannot process transactions using a post from Progress. I have the source code and I can see what is being called.

vhSocket:CONNECT('-H ' + p-host + ' -S ' + string(p-port) + " -ssl") NO-ERROR.
IF vhSocket:CONNECTED() EQ FALSE THEN
DO: 
   ASSIGN p-respmsg = "Unable to communicate with payment gateway.  Please try again later".
   vhSocket:DISCONNECT().
   DELETE OBJECT vhSocket NO-ERROR.
   RETURN.
END.

I was trying to write a web service that would act as a man in the middle. If the Progress client posted to my link, which is customizable in the application, then I could process the transaction using PayFlowPro's API outside of Progress. The issue is that I have configured the client to post to my site and it never hits IIS and the client gets the "Unable to communicate" error. I have a SHA1 certificate and I can manually post to the site through .NET code. It seems that Progress isn't able to connect to IIS.

I am looking for any advice that you may have. 

I am trying to

1) Figure out how to debug what is breaking in Progress when the post is made using the Progress Client to determine how to fix IIS so that it will correctly communicate to Progress.

2) How can I build a sample program to post to my site and run it in Progress? I have tried to build the .p files and run them but they error on the basic code lines.

3) I think that a Progress upgrade would allow the post to SHA2, but I would expect that the application may break if we did this, and how do we get an upgrade?

Thanks for any possible advice.

All Replies

Posted by Michael Jacobs on 01-Oct-2015 15:05

Release 10.1B's ABL client does not support SSL/TLS connections to external servers that use a SHA2 signed server certificate.  So the ABL client's connection is probably failing to validate the server's certificate.

If your IIS server's SSL/TLS certificate is signed using SHA (i.e. SHA1), then your ABL code should just be able to connect to it - given that OpenEdge has a copy of the CA who signed and issued your IIS server's certificate.

You should be able to establish connectivity to your IIS server by just making a socket connection and then closing it.  If you can do that, then you can probably manually form a POST request and have it work.

Mike Jacobs
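
A check for the certificate condition described in the reply above, as an added example that is not part of the original thread and not Progress code: it reads the signatureAlgorithm OID out of a DER-encoded certificate and reports whether the certificate is SHA1 or SHA2 signed. The function names are hypothetical and the two sample inputs are constructed DER skeletons (empty or zero-filled tbsCertificate, dummy signature), not real certificates.

```python
# Added example; names are hypothetical, sample inputs are constructed DER skeletons.
SIG_ALGS = {  # signatureAlgorithm OID -> (name, hash family)
    "1.2.840.113549.1.1.5":  ("sha1WithRSAEncryption", "SHA1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "SHA2"),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", "SHA2"),
    "1.2.840.10045.4.3.2":   ("ecdsa-with-SHA256", "SHA2"),
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID contents to dotted form (sufficient for the 1.2.* OIDs used here)."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)      # base-128 digits, high bit = more to come
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_hash(cert_der):
    """Return (algorithm name, hash family) for a DER-encoded X.509 certificate."""
    _, cert, _ = read_tlv(cert_der, 0)     # Certificate ::= SEQUENCE {
    _, _, pos = read_tlv(cert, 0)          #   tbsCertificate (skipped)
    _, alg, _ = read_tlv(cert, pos)        #   signatureAlgorithm SEQUENCE
    tag, oid, _ = read_tlv(alg, 0)         #     algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    dotted = decode_oid(oid)
    return SIG_ALGS.get(dotted, (dotted, "unknown"))

def skeleton(oid_hex, tbs_len):            # builds a constructed, certificate-shaped blob
    def tlv(tag, body):
        head = bytes([len(body)]) if len(body) < 128 else b"\x82" + len(body).to_bytes(2, "big")
        return bytes([tag]) + head + body
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    return tlv(0x30, tlv(0x30, b"\x00" * tbs_len) + alg + tlv(0x03, b"\x00"))

SHA1_CERT = skeleton("2a864886f70d010105", 0)     # constructed, short-form lengths
SHA2_CERT = skeleton("2a864886f70d01010b", 300)   # constructed, long-form lengths
```

For a live server, the DER bytes can be obtained with `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))` from the Python standard library.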

This thread is closed