Skip to Main Content
  • Questions

  • UTL_HTTP - Wallet - ACL ORA-29019: The protocol version is incorrect

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question, Madhan.

Asked: June 19, 2020 - 10:26 pm UTC

Last updated: June 26, 2020 - 4:25 am UTC

Version: 1.2.1.0

Viewed 10K+ times! This question is

You Asked

1)select * from v$version
BANNER CON_ID
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production 0
PL/SQL Release 12.1.0.2.0 - Production 0
CORE 12.1.0.2.0 Production 0
TNS for Linux: Version 12.1.0.2.0 - Production 0
NLSRTL Version 12.1.0.2.0 - Production 0

2)select * from dba_network_acls
HOST LOWER_PORT UPPER_PORT ACL ACLID OWNER
secureaccess.test.com 1 10000 /sys/acls/http_exostar.xml 0000000080002B84 SYS

3)select * from dba_network_acl_privileges
ACL ACLID PRINCIPAL PRIVILEGE IS_GRANT INVERT START_DATE END_DATE ACL_OWNER
/sys/acls/http_exostar.xml 0000000080002B84 CORETGT resolve true false SYS
/sys/acls/http_exostar.xml 0000000080002B84 CORETGT connect true false SYS

4) Logged in as CORETGT User
declare
l_http_request UTL_HTTP.req;
l_http_response UTL_HTTP.resp;
BEGIN
utl_http.set_proxy('webproxy.mycompany.com:8080',''); -- This is required
utl_http.set_wallet('file:/opt/oracle/orcompany/admin/RIDEIT1E/xdb_wallet', 'WalletPasswd123');
l_http_request := UTL_HTTP.begin_request
(' https://secureaccess.test.com/credmgr/services/SamInviterService?accessNoLoginRedirect=1' ); -- Consider given URL working fine in IE
l_http_response := UTL_HTTP.get_response(l_http_request);
dbms_output.put_line('the response code ' || l_http_response.status_code);
end;

Error Message:
ORA-29273: HTTP request failed
ORA-29019: The protocol version is incorrect.
ORA-06512: at "SYS.UTL_HTTP", line 1258
ORA-06512: at line 9


and Connor said...

See MOS note

ORA-29019 with 12.1 UTL_HTTP query when URL uses SNI (Doc ID 2667991.1)


From the note

It is fixed in 12.2.0.1 and on but is not back portable due to TLS limitations on 12.1.

As a workaround, if you have a newer Database version (such as 12.2) you can create a function on this 12.2 database and a DBLink, with a synonym on the 12.1 database where you need to access the SNI url.

Rating

  (2 ratings)

Is this answer out of date? If it is, please let us know via a Comment

Comments

Madhan Subbiah, June 22, 2020 - 10:18 pm UTC

Thanks Tom.
As per your recommendation tried below in 12.2.

1)select * from v$version

BANNER CON_ID

Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production 0
PL/SQL Release 12.2.0.1.0 - Production 0
CORE 12.2.0.1.0 Production 0
TNS for Linux: Version 12.2.0.1.0 - Production 0
NLSRTL Version 12.2.0.1.0 - Production 0

2) select * from dba_network_acls

HOST LOWER_PORT UPPER_PORT ACL ACLID OWNER
secureaccess.startest.com 1 10000 /sys/acls/http_exostar.xml 0000000080002774 SYS

3)select * from dba_network_acl_privileges
ACL ACLID PRINCIPAL PRIVILEGE IS_GRANT INVERT START_DATE END_DATE ACL_OWNER
/sys/acls/http_exostar.xml 0000000080002774 CORETGT resolve true false SYS
/sys/acls/http_exostar.xml 0000000080002774 CORETGT connect true false SYS

4)Logged in SYS also to eliminate issue not with CORETGT user
declare
l_http_request UTL_HTTP.req;
l_http_response UTL_HTTP.resp;
BEGIN
utl_http.set_proxy('webproxy.mycompany.com:8080',''); -- This is required
utl_http.set_wallet('file:/opt/oracle/ormycompany/admin/RIDETEST/xdb_wallet', 'Mycompany123');
l_http_request := UTL_HTTP.begin_request
(' https://secureaccess.startest.com/credmgr/services/SamInviterService?accessNoLoginRedirect=1' ); -- Consider given URL working fine in IE
l_http_response := UTL_HTTP.get_response(l_http_request);
dbms_output.put_line('the response code ' || l_http_response.status_code);
end;

Error:
ORA-29273: HTTP request failed
ORA-29106: Cannot import PKCS #12 wallet.
ORA-06512: at "SYS.UTL_HTTP", line 380
ORA-06512: at "SYS.UTL_HTTP", line 1127
ORA-06512: at line 8
Connor McDonald
June 23, 2020 - 3:35 am UTC

Well ... we're making progress :-)

Check out the following notes

"ORA-29106: Cannot import PKCS #12 wallet" Using TLS 1.0-1.2 and Certificates Signed With RSASSA-PSS Algorithm (Doc ID 2170147.1)


madhan subbiah, June 23, 2020 - 5:09 am UTC

Sorry Tom for making U-Turn.

Tried via SYS in oracle 12.1 Version

1)select * from v$version

BANNER CON_ID
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production 0
PL/SQL Release 12.1.0.2.0 - Production 0
CORE 12.1.0.2.0 Production 0
TNS for Linux: Version 12.1.0.2.0 - Production 0
NLSRTL Version 12.1.0.2.0 - Production 0

2)
declare
l_http_request UTL_HTTP.req;
l_http_response UTL_HTTP.resp;
BEGIN
utl_http.set_proxy('webproxy.mycompany.com:8080',''); -- This is required
utl_http.set_wallet('file:/opt/oracle/ormycompany/admin/RIDEIT1E/xdb_wallet', 'WalletPasswd123');
l_http_request := UTL_HTTP.begin_request(' https://secureaccess.test.com/' );
l_http_response := UTL_HTTP.get_response(l_http_request);
dbms_output.put_line('the response code ' || l_http_response.status_code);
END;

Outpu:
the response code 200

Does this mean code is working fine now and I can move forward by attaching SOAP envelope and see if this works?
If yes, can you please refer any sample code to move further on this.

Connor McDonald
June 26, 2020 - 4:25 am UTC

Looks promising to me
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

PL/SQL demos

Check out more PL/SQL tutorials on our LiveSQL tool.

PL/SQL docs

PL/SQL reference manual from the Oracle documentation library