UTL_HTTP - Wallet - ACL ORA-29019: The protocol version is incorrect

Question and Answer

Connor McDonald

Thanks for the question, Madhan.

Asked: June 19, 2020 - 10:26 pm UTC

Answered by: Connor McDonald - Last updated: June 26, 2020 - 4:25 am UTC

Category: PL/SQL - Version: 1.2.1.0

You Asked

1)select * from v$version
BANNER CON_ID
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production 0
PL/SQL Release 12.1.0.2.0 - Production 0
CORE 12.1.0.2.0 Production 0
TNS for Linux: Version 12.1.0.2.0 - Production 0
NLSRTL Version 12.1.0.2.0 - Production 0

2)select * from dba_network_acls
HOST                   LOWER_PORT  UPPER_PORT  ACL                         ACLID             OWNER
secureaccess.test.com  1           10000       /sys/acls/http_exostar.xml  0000000080002B84  SYS

3)select * from dba_network_acl_privileges
ACL                         ACLID             PRINCIPAL  PRIVILEGE  IS_GRANT  INVERT  START_DATE  END_DATE  ACL_OWNER
/sys/acls/http_exostar.xml  0000000080002B84  CORETGT    resolve    true      false                         SYS
/sys/acls/http_exostar.xml  0000000080002B84  CORETGT    connect    true      false                         SYS

4) Logged in as CORETGT User
declare
l_http_request UTL_HTTP.req;
l_http_response UTL_HTTP.resp;
BEGIN
utl_http.set_proxy('webproxy.mycompany.com:8080',''); -- This is required
utl_http.set_wallet('file:/opt/oracle/orcompany/admin/RIDEIT1E/xdb_wallet', 'WalletPasswd123');
l_http_request := UTL_HTTP.begin_request
(' https://secureaccess.test.com/credmgr/services/SamInviterService?accessNoLoginRedirect=1' ); -- Consider given URL working fine in IE
l_http_response := UTL_HTTP.get_response(l_http_request);
dbms_output.put_line('the response code ' || l_http_response.status_code);
end;

Error Message:
ORA-29273: HTTP request failed
ORA-29019: The protocol version is incorrect.
ORA-06512: at "SYS.UTL_HTTP", line 1258
ORA-06512: at line 9


and we said...

See MOS note

ORA-29019 with 12.1 UTL_HTTP query when URL uses SNI (Doc ID 2667991.1)


From the note

It is fixed in 12.2.0.1 and on but is not back portable due to TLS limitations on 12.1.

As a workaround, if you have a newer Database version (such as 12.2) you can create a function on this 12.2 database and a DBLink, with a synonym on the 12.1 database where you need to access the SNI url.
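
The workaround described above, sketched as an added example (it is not code from the MOS note or from the original answer). The schema HTTP_GW, the link name DB122_LINK, the TNS alias DB122, the function name and the wallet path are hypothetical; the wallet on the 12.2 server is assumed to be an auto-login wallet, so no wallet password crosses the link.

```sql
-- === On the 12.2 database, connected as the hypothetical schema HTTP_GW ===
-- HTTP_GW needs "connect" and "resolve" network ACL privileges for the target
-- host, as CORETGT has in the question.
CREATE OR REPLACE FUNCTION http_get_status (p_url IN VARCHAR2)
    RETURN NUMBER
AS
    -- Only this endpoint may be reached through the link (host from the question).
    c_allowed_prefix CONSTANT VARCHAR2(100) := 'https://secureaccess.test.com/';
    l_req    UTL_HTTP.req;
    l_resp   UTL_HTTP.resp;
    l_status NUMBER;
BEGIN
    IF p_url IS NULL
       OR SUBSTR(p_url, 1, LENGTH(c_allowed_prefix)) <> c_allowed_prefix THEN
        RAISE_APPLICATION_ERROR(-20001, 'URL not permitted through this gateway');
    END IF;

    UTL_HTTP.set_proxy('webproxy.mycompany.com:8080', '');
    -- Placeholder path; assumed to hold an auto-login wallet (cwallet.sso),
    -- so no wallet password appears in code or travels over the link.
    UTL_HTTP.set_wallet('file:/path/to/wallet_dir', NULL);

    l_req    := UTL_HTTP.begin_request(p_url);
    l_resp   := UTL_HTTP.get_response(l_req);
    l_status := l_resp.status_code;
    UTL_HTTP.end_response(l_resp);   -- release the connection
    RETURN l_status;
END http_get_status;
/

-- === On the 12.1 database, as the application schema (CORETGT in the question) ===
-- DB122 is a hypothetical TNS alias for the 12.2 database.
CREATE DATABASE LINK db122_link
    CONNECT TO http_gw IDENTIFIED BY "<http_gw_password>"
    USING 'DB122';

CREATE SYNONYM http_get_status FOR http_gw.http_get_status@db122_link;

SET SERVEROUTPUT ON
BEGIN
    -- The TLS handshake (including SNI) now happens on the 12.2 side.
    DBMS_OUTPUT.put_line('the response code '
        || http_get_status('https://secureaccess.test.com/'));
END;
/
```

Restricting the function to one URL prefix keeps the link from becoming a general-purpose outbound HTTP relay for anyone who can call the synonym.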

Reviews

June 22, 2020 - 10:18 pm UTC

Reviewer: Madhan Subbiah from PA

Thanks Tom.
As per your recommendation tried below in 12.2.

1)select * from v$version

BANNER CON_ID

Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production 0
PL/SQL Release 12.2.0.1.0 - Production 0
CORE 12.2.0.1.0 Production 0
TNS for Linux: Version 12.2.0.1.0 - Production 0
NLSRTL Version 12.2.0.1.0 - Production 0

2) select * from dba_network_acls

HOST                       LOWER_PORT  UPPER_PORT  ACL                         ACLID             OWNER
secureaccess.startest.com  1           10000       /sys/acls/http_exostar.xml  0000000080002774  SYS

3)select * from dba_network_acl_privileges
ACL                         ACLID             PRINCIPAL  PRIVILEGE  IS_GRANT  INVERT  START_DATE  END_DATE  ACL_OWNER
/sys/acls/http_exostar.xml  0000000080002774  CORETGT    resolve    true      false                         SYS
/sys/acls/http_exostar.xml  0000000080002774  CORETGT    connect    true      false                         SYS

4) Logged in as SYS as well, to rule out an issue with the CORETGT user
declare
l_http_request UTL_HTTP.req;
l_http_response UTL_HTTP.resp;
BEGIN
utl_http.set_proxy('webproxy.mycompany.com:8080',''); -- This is required
utl_http.set_wallet('file:/opt/oracle/ormycompany/admin/RIDETEST/xdb_wallet', 'Mycompany123');
l_http_request := UTL_HTTP.begin_request
(' https://secureaccess.startest.com/credmgr/services/SamInviterService?accessNoLoginRedirect=1' ); -- Consider given URL working fine in IE
l_http_response := UTL_HTTP.get_response(l_http_request);
dbms_output.put_line('the response code ' || l_http_response.status_code);
end;

Error:
ORA-29273: HTTP request failed
ORA-29106: Cannot import PKCS #12 wallet.
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1127
ORA-06512: at line 8

Connor McDonald

Followup

June 23, 2020 - 3:35 am UTC

Well ... we're making progress :-)

Check out the following notes

"ORA-29106: Cannot import PKCS #12 wallet" Using TLS 1.0-1.2 and Certificates Signed With RSASSA-PSS Algorithm (Doc ID 2170147.1)


June 23, 2020 - 5:09 am UTC

Reviewer: madhan subbiah from PA USA

Sorry Tom for making a U-turn.

Tried via SYS in Oracle version 12.1

1)select * from v$version

BANNER CON_ID
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production 0
PL/SQL Release 12.1.0.2.0 - Production 0
CORE 12.1.0.2.0 Production 0
TNS for Linux: Version 12.1.0.2.0 - Production 0
NLSRTL Version 12.1.0.2.0 - Production 0

2)
declare
l_http_request UTL_HTTP.req;
l_http_response UTL_HTTP.resp;
BEGIN
utl_http.set_proxy('webproxy.mycompany.com:8080',''); -- This is required
utl_http.set_wallet('file:/opt/oracle/ormycompany/admin/RIDEIT1E/xdb_wallet', 'WalletPasswd123');
l_http_request := UTL_HTTP.begin_request(' https://secureaccess.test.com/' );
l_http_response := UTL_HTTP.get_response(l_http_request);
dbms_output.put_line('the response code ' || l_http_response.status_code);
END;

Output:
the response code 200

Does this mean the code is working fine now and I can move forward by attaching the SOAP envelope to see if this works?
If yes, can you please refer me to any sample code to move further on this?

Connor McDonald

Followup  

June 26, 2020 - 4:25 am UTC

Looks promising to me
