
Getting Mia/SSL/MvCALL working (2021)

    Most of the previous answers are around a decade old, so seeing if there is something new to get this all working.

    Currently using Miva Mia 5.33. Here is what diagtool says:
    s.mivaversion: 5.33
    s.server_software: Miva Mia/Miva Virtual Machine/5.33
    s.miva_sslavailable: 1
    s.document_root: D:\internet\html
    s.globaltimeout: 90
    s.arg1: /diagtool.mvc
    s.documenturl: http://MSI/diagtool.mvc?
    s.miva_config: cookies=1
    database_list[1]=MivaSQL
    database_list[2]=MySQL
    default_file=index.htm
    delay_file=100
    dir_ca=C:\MivaMia\CERTS\OPENSSL-1.0
    dir_data=D:\internet\mivadata
    dir_miva=D:\internet\html
    dir_user=public_hts
    error_syslog_ident=Miva
    flags_security=16384
    info_serveradmin=webmaster@localhost
    log_level=0
    ssl_crypto=libcrypto.so
    ssl_openssl=libssl.so
    ssl_sni=-1
    systemlib_list[1]=SSL
    systemlib_list[2]=Crypto
    timeout_call=30
    timeout_file=30
    timeout_global=90
    timeout_mail=30
    timeout_post=30
    I have `Win32OpenSSL-1_1_1L` installed on Windows 10 64-bit (because everything I've read says you still need to use the 32-bit version).
    I copied the `/certs/openssl-1.0` from a mivavm-v5.19.tar.gz file because that's the most recent version I have that still includes a certs folder and placed it into the path indicated.
    I added `SSL` as a System-type library and pointed it to `C:\Windows\System32\libssl32.dll`.
    I added `Crypto` as a System-type library and pointed it to `C:\Windows\System32\libeay32.dll` (as recommended here).

    But I still cannot get MvCALL to make secure connections...

    License manager: Unable to open URL 'https://licensemgr.miva.com/gateway/gateway.mv': Error establishing SSL connection: certificate verify failed
    Trying to connect to a REST API: https://us-weather-by-zip-code.p.rap...weatherzipcode -> Unable to open URL 'https://us-weather-by-zip-code.p.rapidapi.com/getweatherzipcode': Error establishing SSL connection: no start line

    What am I missing? I really need to get secure APIs running for my next project.

    #2
    How old is your cert bundle? If you're using Mia 5.33 and OpenSSL 1.0 it sounds like it could be several years, and that may be long enough that the bundle doesn't have Amazon's root in it.
    David Hubbard
    CIO
    Miva
    [email protected]
    http://www.miva.com



      #3
      I don't think they need to be system libraries, but instead in Mia under the "SSL Settings" you should set the paths for the SSL / Crypto libraries.
      David Carver
      Miva, Inc. | Software Developer



        #4
        Originally posted by ILoveHostasaurus
        How old is your cert bundle? If you're using Mia 5.33 and OpenSSL 1.0 it sounds like it could be several years, and that may be long enough that the bundle doesn't have Amazon's root in it.
        Unfortunately, 5.19 is the last version I had that had a cert folder bundled in so that's the best I have. I don't know why they're not bundled with Mia anymore.

        I don't think they need to be system libraries, but instead in Mia under the "SSL Settings" you should set the paths for the SSL / Crypto libraries.
        I don't see a "SSL Settings" in Mia. Is this something brand new?

        I was able to get things working by unchecking all the "SSL/TLS Certificate Verification" options: Chain, Identity with Hostname, Identity with IP

        Which I guess is okay since this is just for prototyping, but I'd rather have the full setup.

        Thanks



          #5
          We must've added that SSL Settings in 5.34. In that case you'll need to set the values directly in the registry (I don't think we had a configurable way within Mia before 5.34).

          Code:
          /user/Software/Miva/Miva Mia/VM/openssl
          /user/Software/Miva/Miva Mia/VM/openssl_crypto
          Those registry keys should contain the location of the SSL / SSL crypto libraries.
          David Carver
          Miva, Inc. | Software Developer



            #6
            Originally posted by Scott McCollough
            Unfortunately, 5.19 is the last version I had that had a cert folder bundled in so that's the best I have. I don't know why they're not bundled with Mia anymore.
            We stopped distributing the certs years ago as they were difficult to maintain, and if any of the certs were ever revoked it would force us to push a new update containing only that new cert. Now instead we rely on the file system to have an updated copy of root certificates.
            David Carver
            Miva, Inc. | Software Developer



              #7
              I'm on to the next step...

              Here is an example of the curl

              Code:
              curl -H 'Content-Type: application/json' -H 'charset: UTF-8' -d '{"title": "foo","body": "bar","userId": 1}' 'https://jsonplaceholder.typicode.com/posts/'
              % Total % Received % Xferd Average Speed Time Time Time Current
              Dload Upload Total Spent Left Speed
              100 107 100 65 100 42 220 142 --:--:-- --:--:-- --:--:-- 363
              {
              "title": "foo",
              "body": "bar",
              "userId": 1,
              "id": 101
              }
              But when I try to accomplish the same via MvCALL

              Code:
                  <MvCAPTURE VARIABLE = "l.json"><MIVA STANDARDOUTPUTLEVEL = "text, compresswhitespace">
                      {
                          'title': 'foo',
                          'body': 'bar',
                          'userId': 2
                      }
                  <MIVA STANDARDOUTPUTLEVEL = ""></MvCAPTURE>
                  <MvASSIGN NAME      = "l.crlf"                           VALUE = "{ asciichar( 13 ) $ asciichar( 10 ) }">
                  <MvCALL ACTION      = "https://jsonplaceholder.typicode.com/posts"
                      METHOD          = "POST"
                      CONTENT-TYPE    = "application/json; charset=utf-8"
                      FIELDS          = "l.json"
                      FLAGS           = "noparse">
                      <MvASSIGN NAME = "l.response"                        VALUE = "{ l.response $ s.callvalue }">
                      <MvEVAL EXPR = "{ '<p>#DEBUG1:' $ s.callvalue $ '</p>' }">
                      <MvEVAL EXPR = "{ '<p>#DEBUG2:' $ s.json_data $ '</p>' }">
                      <MvEVAL EXPR = "{ '<p>#DEBUG3:' $ s.content_data $ '</p>' }">
                  </MvCALL>
                  <MvASSIGN NAME = "l.ok"             VALUE = "{ miva_json_decode( l.response, l.json_decode ) }">
                  <MvEVAL EXPR = "{ '<br>raw response(' $ l.response $ ')' }">
                  <MvEVAL EXPR = "{ '<br>json decode(' $ l.json_decode $ ')' }">
              I get this response:

              Code:
              #DEBUG1:{ "json": "{\r'title': 'foo',\r'body': 'bar',\r'userId': 2\r}\r", "id": 101 }
              #DEBUG2:
              #DEBUG3:
              raw response({ "json": "{\r'title': 'foo',\r'body': 'bar',\r'userId': 2\r}\r", "id": 101 })
              json decode(101,{ 'title': 'foo', 'body': 'bar', 'userId': 2 } )
              Note that the "id" of 101, is OUTSIDE of the JSON which is different than the curl version.

              Also, according to the documentation:

              POST content type of "application/json" supported as of v5.32. The POSTed data will be parsed and stored in the s.json_data variable as a JSON object. The raw POSTed data will populate the s.content_data variable.
              Yet in this POST call they remain empty. Can anyone see what is missing?

              P.S. If I change the call to use RAW as the method, I get back a 500 error from the server.



                #8
                You should be using RAW otherwise you're going to be sending www/url-encoded data. You could configure call logging and the diagtool to see exactly what is being sent. I suspect the reason you are getting the 500 error when using RAW is because you're sending invalid JSON. JSON member names / string values are wrapped in double quotes, not single quotes like you have it.

                In addition, as far as s.content_data/json_data goes that is for data POSTed to Miva, not for outgoing requests. So if you had a 3rd party service posting data to a screen you had control over, you could access that data via s.content_data / s.json_data.
                David Carver
                Miva, Inc. | Software Developer
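
The difference between the form-encoded POST and a RAW body described in #7 and #8, modeled in Python as an added example (not code from the thread or from Miva). The `echo` endpoint is hypothetical, and the field name `json` is an assumption inferred from the `"json"` key in the response shown in #7.

```python
import json
from urllib.parse import parse_qs, urlencode

# Constructed input: the single-quoted payload from post #7, with the bare
# carriage returns visible in the echoed response.
POSTED = "{\r'title': 'foo',\r'body': 'bar',\r'userId': 2\r}\r"
# The same object as valid JSON (double-quoted names and strings).
CORRECTED = json.dumps({"title": "foo", "body": "bar", "userId": 2})


def form_body(field, value):
    """Body of a form-encoded POST carrying one field (the METHOD=POST case)."""
    return urlencode({field: value})


def is_valid_json(text):
    """True only if the text parses as JSON; single-quoted strings do not."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def echo(body, form_encoded, new_id=101):
    """Hypothetical echo endpoint: parse the body, add an id, return the record.

    Returns None where a real service would answer with an error because the
    raw body is not parseable JSON.
    """
    if form_encoded:
        record = {k: v[0] for k, v in parse_qs(body).items()}
    elif is_valid_json(body):
        record = json.loads(body)
    else:
        return None
    record["id"] = new_id
    return record


if __name__ == "__main__":
    # Form-encoded: the payload travels as one opaque string field named "json".
    print(echo(form_body("json", POSTED), form_encoded=True))
    # Raw body with single quotes: rejected before any record is created.
    print(echo(POSTED, form_encoded=False))
    # Raw body with valid JSON: same shape as the curl response.
    print(echo(CORRECTED, form_encoded=False))
```

In the form-encoded case the service never sees a JSON object, only a string field, which is why `id` ends up beside the payload rather than inside it.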

