Announcement

Collapse
No announcement yet.

Integrating Nochex

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Hi Pete

    Will contact 34sp and ask about port 443 and report back if I get a sensible answer from them.

    Caite
    Caite
    www.tuppys.co.uk

    Comment


      update - 34sp say "We do not block any outgoing ports so there would be no issues here in
      your script contacting another server on port 443."
      Caite
      www.tuppys.co.uk

      Comment


        Caite,

        Have you passed your network settings to Support so that development can look at your server.

        Kind regards,
        Bruce King
        SellerDeck

        Comment


          Pete,

          To the original question:
          Can anyone confirm that Actinic and Nochex have been tested on a Linux system with the bare requirements of CPAN Perl 5.004 and MD5 with port 443 disabled and NO SSL support via crypt::SSLeay???
          Our response to that is correct, not in the way you meant it though. The above statement / question did not mention port 443 blocked for outgoing. We did test with port 443 disabled, the usual config is to have the incoming disabled as that is the security threat and outgoing from port 443 enabled. I think this has been a bit of a misunderstanding and miscommunication on the configuration part.


          Pete & Caite,

          If we set up hosting space on Actinic and provide you the network details so that you can upload your sites and check that your Nochex accounts work as they should on a default setup on a normal server. Will that help?

          There is really not much we can do beyond the disgnostics already done. The only thing you can perhaps do is ask your host if there is a stealth firewall, if there is to make changes to allow the Nochcex server IP address or disable and try.

          Kind regards,
          Bruce King
          SellerDeck

          Comment


            Hi Bruce - the hosting thing sounds like a good idea - that way we could confirm that the problem is definitely happening somewhere with our host companies rather than with actinic or nochex.

            It may help me with my communications with 34sp as well because at the moment I feel I'm asking questions that are way beyond the scope of their usual technical support, so being able to give them a really clear cut explanation of exactly where their server is stopping my site functioning correctly would probably help - and I'd very much like to get a resolution with 34sp because in general I have found them to be a very reliable good quality host, with a lot of support for 'extras'.

            I have given my network settings to support, but they've not come back with anything based on them, so presumably they are all as they should be - it seems the thing support could really do with is SSH access, but annoyingly we can't get that.

            Well, I'm going to be out of action for a week or so, but I'll get back to you all after that to give you an update on progress this end.
            Caite
            www.tuppys.co.uk

            Comment


              Originally posted by Bruce
              Pete,

              To the original question:


              Our response to that is correct, not in the way you meant it though. The above statement / question did not mention port 443 blocked for outgoing. We did test with port 443 disabled, the usual config is to have the incoming disabled as that is the security threat and outgoing from port 443 enabled. I think this has been a bit of a misunderstanding and miscommunication on the configuration part.
              Hi Bruce

              This is half the problem, your responses are often ‘correct’ but don’t answer the questions being asked or the issues being discussed. Certainly if I understood less about computer technology, I would be totally confused by now.

              You missed this bit from your quote:

              The connection will be established in this way...

              Merchant's server port X <-> Nochex server port 443

              Where X is a random number above 1024. For connecting from a script to a server, the server must have a static port number, so the script will know where to connect to. The server will retrieve the client's port number from the TCP frame of the request.
              Can you explain how I was to interpret that as anything other than my server doesn’t require port 443?

              Remember that some of our communication was also as a result of the ticket we started.

              my email 4th August:
              Thank you for the update

              Can you help me further to understand?

              Am I correct in understanding that the function/object/procedure or what ever a Perl programmer calls it, in script PostOCCNOCHEX.fil is:
              Code:
              ($status, $sError, $sHttpStatus, $sResponse) = ACTINIC::HTTPS_SendAndReceive('www.nochex.com', 443, 
                 '/nochex.dll/apc/apc', $sPostedData, 'POST', $::TRUE, $ssl_socket);
              This appears to be using with SSL protocols?

              Assuming that to be the case, it appears to be declared in alxxxxx.pm (where xxxxx is your script ID so can be different for each user)
              and has paramamters:
              Code:
              my ($sServer, $sPort, $sPath, $sContent, $sMethod, $bCloseConnection, $ssl_socket) = @_;
              therfore:
              $sServer ='www.nochex.com'
              $sPort=443
              $sPath:=/nochex.dll/apc/apc
              $sContent=$sPostedData
              $sMethod='POST'
              $bCloseConnection= TRUE
              $ssl_socket=$ssl_socket

              So when it is called from PostOCCNOCHEX.fil it is being told to POST on port 443?

              Does that not mean that my server should have port 443 open for outgoing traffic?

              Assuming that have not made any mistakes so far lets look at HTTPS_SendAndReceive:
              Code:
              #
              # Second attempt: ActinicSSL connection
              if ($@)         # Error occured - the SSL library is probably not available
                 {
                 require sc000001;
                 ($nResult, $sMessage, $ssl_socket) = new ActinicSSL($sServer, $sPort);
                 }
                }
              Notice
              # Error occured - the SSL library is probably not available
              I'm assuming that this comment is correct and that any calls to this procedure from scripts on servers where the SSL library is not present would go this route?

              This results in the call:
              Code:
              new ActinicSSL($sServer, $sPort);
              Assuming that to be the case, it appears to be declared in scxxxxx.pm (where xxxxx is your script ID so can be different for each user)

              This would appear to be the 'end of the line' for the procedure calls. Therefore if a random port is being used to post data I would assume it happens here? Can you please explain where?

              Am I correct in understanding it would be here:
              Code:
              my $Proto = shift;
               my $Class = ref($Proto) || $Proto;
               my $sServer = shift;
               my $sPort = shift;
              So am i correct in thinking the scripts try to post out on port 443 and when it fails it starts hunting for a port that works?

              To me this all points to the need for a port, other than 80, to be open to allow this connection.

              However, this is all using SSL, from what you have said there should be an HTTP equivalent?

              Can you please explain where I have gone wrong?


              Can you also please confirm that actinic has been tested on a server that does NOT have port 443 open and does not have crypt::SSLeay or an alternative installed?

              Could you please also tell me if you are any nearer determining what the problem is, if it is not an ssl support issue?
              Many thanks
              Regards
              Pete
              email responce from Actinic on 9th August
              Hi Pete

              Please find our developer's response attached below:
              -------------------------------------------------------------------------------------------

              First of all the package selection. HTTPS_SendAndReceive checks, if the NET::SSL package exist on the server. If not then it loads the Actinic package, which is always there.
              This is a performance issue. And now about the SSL connection. In that case the request is initiated from your server, call it as client and the target will be Nochex server, call it as server.

              The client to be able to make a connection, it needs a socket. So it requests a socket from the system. When the socket is provided by the system, it will assign a port to it, which is not used momentarily by the system, above number 1024. Let's assume it is 1358 in our case. Then, when the socket is ready, the routine sets some parameters in the socket, then tries to make a connection to www.nochex.com:443, which means, target IP address = 62.105.93.97 and the target port is 443. When the request is accepted at nochex server, then it will assign a socket for this connection, as port 443 is just a listening port, so it will assign a free port for it let's say 2476. When the connection is established, the socket will contain the following connection data:
              source ip address = 213.232.107.228 (www.pureskincare.co.uk)source port = 1358 destination IP address = 62.105.93.97 (www.nochex.com) destination port = 2476. The actual data stream will be delivered via these ports above. When the conversation is done between the client and server then the connection is closed and the ports are released.

              So, you can see the port 443 on your server is not involved at all. The SSL support for the connection is provided by NET::SSL or ActinicSSL.pm on client side and by the web server module on server side.
              What I don’t understand is why someone didn’t just put the software on your ‘bare minimum test rig’ and run a packet sniffer and get the correct answer straight away?

              If you can email me the ftp details for space hosted by yourselves I would be willing to try uploading to it.

              Pete

              Comment


                Pete

                Have you had any progress on this? I am still trying to get my site sorted with some actinic hosting to try and work out what's happening that way - but things seem to have ground to a halt. Hoping for news!

                Caite
                Caite
                www.tuppys.co.uk

                Comment


                  Is there any update on this situation? The last I heard there was some talk about arranging some kind of hosting on actinic so support could try and figure what's going on - but the last I heard was when I emailed some weeks ago with practical concerns and questions about this - and I've been totally ignored.

                  Mostly feeling pretty peeved now that I splashed out on what I thought was top of the range shop software, only to find that it doesn't do what it claims it does. I'm using a hosting company that's specification exceeds anything actinic claims to need, a payment processing company that is supposed to be integrated with actinic, and yet the thing still only half works and the best suggestion anyone can come up with is 'don't use that host' or 'don't use that payment processor' - but a/ what guarantee do I have that anything else will actually work any better? and b/ why the hell should I change from companies that I have used before and am confident of the service they provide to suit the needs of one company that seems to have mis-sold me some software?
                  Caite
                  www.tuppys.co.uk

                  Comment


                    'don't use that host'
                    I would still advocate this as a solution, as not all hosts are fully compliant.

                    In your place I would look for a new host that gives you 14 days free trial, with a temporary domain, thus you can upload and fully test before paying any money

                    Comment


                      Originally posted by caite
                      Is there any update on this situation? The last I heard there was some talk about arranging some kind of hosting on actinic so support could try and figure what's going on - but the last I heard was when I emailed some weeks ago with practical concerns and questions about this - and I've been totally ignored.

                      Mostly feeling pretty peeved now that I splashed out on what I thought was top of the range shop software, only to find that it doesn't do what it claims it does. I'm using a hosting company that's specification exceeds anything actinic claims to need, a payment processing company that is supposed to be integrated with actinic, and yet the thing still only half works and the best suggestion anyone can come up with is 'don't use that host' or 'don't use that payment processor' - but a/ what guarantee do I have that anything else will actually work any better? and b/ why the hell should I change from companies that I have used before and am confident of the service they provide to suit the needs of one company that seems to have mis-sold me some software?
                      Hi Caite

                      Sorry I missed your post before.

                      I quiet agree with your sentiments, they are ours too.

                      For us the problem was the port 443 being open issue, we verified it with other hosts, port 443 closed- APC doesnt work, Port 443 open- APC works. My post on the 31st Aug says it all really on this issue.

                      To rub salt into the wound, now we have over come that problem, we have found a bug in Actinic that means the stock control doesnt work in all situations

                      Pete

                      Comment


                        Hi Caite,

                        I sent you an email on 12 October regarding arranging the Actinic hosting for you, but I didn't get a response, so not sure if you received it. Could you send me an email (bpopplestone [@] actinic.co.uk) if you would like to move forward with this.

                        Thanks,

                        Ben
                        Ben Popplestone
                        Ecommerce website software

                        Comment

                        Working...
                        X