
calling https://www.facebook.com from oracle utl_http with wildcard certificates

We are using oracle 12.1.0.1.0.

We have been issuing https calls through utl_http to a number of services with no problems. We have been doing this for years and we have been using it for facebook authorization as well.

Lately, we are facing an issue with calling facebook.com URLs over https that we cannot resolve. It seems to have coincided with Facebook's switch to using certificates on *.facebook.com. Though I hesitate to say that this is the cause, it may be related. Just to save you time, we are good with network ACL grants and have no certificate validation errors.

The error we get is:

    ORA-29273: HTTP request failed
    ORA-06512: at "SYS.UTL_HTTP", line 1130
    ORA-28750: unknown error
     ORA-06512: at "SYS.UTL_HTTP", line 1130

The error occurs on the PL/SQL line that issues the utl_http.begin_request.

My question is: can anyone duplicate this problem? Has anyone been there and found a solution? Any input is appreciated.

I am including two examples: One is a call to the redhat.com domain which works fine. The other is a call to the facebook.com domain that has the above issue. The code used is the same in both cases. Both domains use a certificate on the *.domain.

Target page: https://www.redhat.com/en/about

-- Certificate chain for the redhat page

    GTE CyberTrust Global Root
      Baltimore CyberTrust Root                 <===  rh_01.crt
        Cybertrust Public SureServer SV CA      <===  rh_02.crt
          *.redhat.com

-- The wallet contains the certificates marked by the arrow. We do not include the *.redhat.com certificate as only trusted certificates are supposed to go into the wallet.

-- Here is how the wallet for redhat.com was created.

    orapki wallet create -wallet /dir1/rh -pwd walletpassword -auto_login
    orapki wallet add    -wallet /dir1/rh -trusted_cert -cert "/dir1/rh/rh_01.crt" -pwd walletpassword
    orapki wallet add    -wallet /dir1/rh -trusted_cert -cert "/dir1/rh/rh_02.crt" -pwd walletpassword

-- Here is the code that makes the https call.

    declare
      wrequest         utl_http.req;
      wwallet_location varchar2(400) := 'file:/dir1/rh';
      wwallet_password varchar2(400) := 'walletpassword';
      wurl             varchar2(400) := 'https://www.redhat.com/en/about';
    begin
      utl_http.set_wallet(wwallet_location, wwallet_password);
      wrequest := utl_http.begin_request(wurl, 'GET', utl_http.http_version_1_1);
    end;

-- This works fine

===============================================

Here is the same setup that fails to call the facebook page.

Target page: https://www.facebook.com/login/identify?ctx=recover

-- Certificate chain for the facebook page

    GTE CyberTrust Global Root
      Baltimore CyberTrust Root               <===  fc_01.crt
        Digicert High Assurance EV Root CA    <===  fc_02.crt
          Digicert High Assurance CA-3        <===  fc_03.crt
            *.facebook.com

-- The wallet contains the certificates marked by the arrow

-- Here is how the wallet for facebook was created.

    orapki wallet create -wallet /dir1/fc -pwd walletpassword -auto_login
    orapki wallet add    -wallet /dir1/fc -trusted_cert -cert "/dir1/fc/fc_01.crt" -pwd walletpassword
    orapki wallet add    -wallet /dir1/fc -trusted_cert -cert "/dir1/fc/fc_02.crt" -pwd walletpassword
    orapki wallet add    -wallet /dir1/fc -trusted_cert -cert "/dir1/fc/fc_03.crt" -pwd walletpassword       

-- Here is the code that makes the https call.

    declare
      wrequest         utl_http.req;
      wwallet_location varchar2(400) := 'file:/dir1/fc';
      wwallet_password varchar2(400) := 'walletpassword';
      wurl             varchar2(400) := 'https://www.facebook.com/login/identify?ctx=recover';
    begin
      utl_http.set_wallet(wwallet_location, wwallet_password);
      wrequest := utl_http.begin_request(wurl, 'GET', utl_http.http_version_1_1);
    end;

-- This code gives the error

    ORA-29273: HTTP request failed
    ORA-06512: at "SYS.UTL_HTTP", line 1130
    ORA-28750: unknown error
     ORA-06512: at "SYS.UTL_HTTP", line 1130

Can you duplicate this error? Or is it just me? Thanks in advance.

George_G asked Sep 02 '14 09:09
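
Added example, not part of the original question: a single SQL*Plus block that runs both calls from the question back to back and prints either the HTTP status or the full error stack plus UTL_HTTP's detailed error, so the working and failing targets can be compared in one run. The URLs, wallet directories and wallet password are the ones given in the question; it assumes the network ACL grants are already in place.

```sql
set serveroutput on

declare
  -- URLs, wallet directories and wallet password as given in the question.
  urls    sys.odcivarchar2list := sys.odcivarchar2list(
            'https://www.redhat.com/en/about',
            'https://www.facebook.com/login/identify?ctx=recover');
  wallets sys.odcivarchar2list := sys.odcivarchar2list(
            'file:/dir1/rh',
            'file:/dir1/fc');
  wwallet_password varchar2(400) := 'walletpassword';
  wrequest  utl_http.req;
  wresponse utl_http.resp;
begin
  for i in 1 .. urls.count loop
    begin
      -- Switch to the wallet that holds the trusted certificates for this target.
      utl_http.set_wallet(wallets(i), wwallet_password);
      -- The question reports ORA-29273 / ORA-28750 on this call for facebook.com.
      wrequest  := utl_http.begin_request(urls(i), 'GET', utl_http.http_version_1_1);
      wresponse := utl_http.get_response(wrequest);
      dbms_output.put_line(urls(i) || ' -> HTTP ' || wresponse.status_code
                           || ' ' || wresponse.reason_phrase);
      -- Release the connection so repeated runs do not exhaust open requests.
      utl_http.end_response(wresponse);
    exception
      when others then
        -- Report the failure and continue, so both targets are tested in one run.
        dbms_output.put_line(urls(i) || ' -> FAILED');
        dbms_output.put_line(dbms_utility.format_error_stack);
        dbms_output.put_line('detail ' || utl_http.get_detailed_sqlcode
                             || ': ' || utl_http.get_detailed_sqlerrm);
    end;
  end loop;
end;
/
```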


1 Answer

We are having the same issue, and Oracle confirmed they don't support wildcard SSL.

Rao answered Nov 06 '22 11:11