Hi
I'm trying to get Progress Openedge to authenticate with our Office 365 so we can programatically upload files to Sharepoint.
I am stuck at the first hurdle as I cannot seem to get Progress to accept the url https://login.microsoftonline.com. It returns an error saying the certificate is graph.windows.net.
Secure Socket Layer (SSL) failure. error code -55: CONNECT HostName: (login.microsoft.com) does not match Certificate: (graph.windows.net) (9318)
I only receive this error for login.microsoftonline.com, it works for portal.azure.com, portal.office365.com and if I retrieve the needed cookie that login.microsoftonline returns it even works with the sharepoint url.
This is the code i've been using and I can get it to return status 200 when I use portal.azure.com . Any help is appreciated, i'm guessing its some sort of certificate config error but i'm not sure where to start as it is working for some of the other Microsoft Urls
BLOCK-LEVEL ON ERROR UNDO, THROW.
USING OpenEdge.Core.String.
USING OpenEdge.Net.HTTP.ClientBuilder.
USING OpenEdge.Net.HTTP.IHttpRequest.
USING OpenEdge.Net.HTTP.IHttpResponse.
USING OpenEdge.Net.HTTP.RequestBuilder.
DEFINE VARIABLE httpUrl AS CHARACTER NO-UNDO.
DEFINE VARIABLE oRequest AS IHttpRequest NO-UNDO.
DEFINE VARIABLE oResponse AS IHttpResponse NO-UNDO.
DEFINE VARIABLE oRequestBody AS String NO-UNDO.
DEFINE VARIABLE JsonString AS LONGCHAR NO-UNDO.
SESSION:DEBUG-ALERT = TRUE.
httpUrl = "https://portal.azure.com".
oRequestBody = new String('t=EwD4Ak6hBwAUNfDkMme61kIdXqvj9tWnUbHtXWEAAfCsKf9ngq9TDjSshoWijUD5+tMZomSy9vHCiAD5+Km58zSXUNygBTdyq4/oRg9ZAzOBHXtTi7skXgasVKg/1rQJA4f8i1Y7MI7gM94cLsrjJ4DEt0T/jAstwyWcy58oltrWSPazHX5krKh71EDgD86up4Ept92yT0nXvOQApYjNchBrnqiDIWhYl6hsFKzEJJB2qP5n3fvUz0csBQKc+CN71gdE3keBgfWbz2DeqAPOvQDcFOjvw0e7LRceEnZg8C7qbdRj0pX1syCoiASEHQBJgp2gTUAERjpD8ls1ZvWn/Spu4vQElVf6bDzpNVK8eFiKVxtG6UUqZC1AlndDUcMDZgAACF0vDnzzsfn6yAEClfeHkRScDEadksgmdN6uE6vNXLIFMTw0JCfiN62RwNjd1c1TsQUFQnN/iKKtc3jFTFonnY7EWT3GFjhe4bkVtyGE/+xc3yziRP/6WgSlfxih7veQpxcjJN0SP+FaET5ITIG8Fzrcf4H0QQl/3HBjMtCBpRIbNmbEp8zUR6LuSJp7wOJrB2VJeZkc5doiJXO0S/ryPpr1RL1IhgodLQOvcahjzO8DiCKbaZyu5tLhkK/xz2vhFOcDXiQ+4eXJ7Ttp6wZ0qeFaIsauM3Mszm9LxPs7c+5hE2fkewe2eA5geRMBHOUEM+S83E6SBpmsebSVLnNnJXzGspWcDtDr77ofu2t5Z4ktUkUc2u6+GtZH8UNypOitcQU0bK04CWpYR1zIWQXqV/CkJX6dg4GGyNWAWmJYUDAyfzQB1lEdMMAmwBBPiwMzp62x13lwxIoHKF/Y1sE7eKtxjIcoeFSCtVNlVUtVlIXpD4C9rngo2dAPsPkrTPRIRh4EFmsf6HO16aqoDq4RxASl2gAdhLL4a9OXkRJ3QPgxy0oQ3pge1cEvicgSQYDSJDZOJIOrKoIo8ouSCTVzoJcIZI4uwlipP4eZjGSgF5zCzdQmAg==&p=').
oRequest = RequestBuilder:Post(httpUrl, oRequestBody)
:AddHeader("Pragma", "no-cache")
:AddHeader("Accept-Language", "en-US,en;q=0.8")
:AddHeader("Content-Type", "application/x-www-form-urlencoded")
:AddHeader("Accept", "*/*")
:AddHeader("Connection", "keep-alive")
:AddHeader("Cache-Control", "no-cache")
:Request.
oResponse = ClientBuilder:Build():Client:Execute(oRequest).
MESSAGE
oResponse:StatusCode SKIP
oResponse:StatusReason SKIP
VIEW-AS ALERT-BOX.
Hi Niall,
Here, ABL client is verifying the Hostname of the service with the Hostname in the certificate as part of the SSL / TLS handshake. It is expected behavior. If you don't want it to be verified, you need to set "sslVerifyHost" parameter value to "false", please follow the below kbase to do so:
knowledgebase.progress.com/.../How-to-use-nohostverify-with-the-ABL-HTTPClient
Hope, it helps.
Thanks,
Srinivas Munigala
Hi Srinivas, I don't think disabling SSL is the solution especially for a login request. I agree that the client is verifying the host however using the same set of certificates curl can correctly verify login.microsoftonline.com for the request.
It’s not host verify then, it’s the certificate authority chain that you need to import… progress only trusts certificates that are added to it’s trust store, you need to add the full CA issuers chain so the certificate can be trusted.
Hi Marian Thanks for the info, So are you saying that this is probably an issue with Openedge and not a certificate issue ?
Hi Niall,
Just checking. Have you tried the suggest -nohostverify parameter
hServer:connect( "-H test.com -S 443 -nohostverify " )
It is not disabeling SSL, is only applying a slightly less strict verification method for hostnames.
No it still produces the same error
It looks like its not supported in 11.6.3.