APAR status
Closed as fixed if next.
Error description
FTP uses the KEYRING statement to build the stash file. FTP replaces the last extension in the KEYRING with a .sth . If the KEYRING has a last extension that is 3 characters or less, then SYSTEM SSL builds the stash file in the way FTP is expecting. But, if the KEYRING has a last extension of more than 3 characters, then SYSTEM SSL builds the stash file by taking the entire KEYRING and appending .sth . Since FTP is not expecting this, it builds the wrong stash file name, and FTP fails with: FC0441 ftpAuth: TLS init failed with rc = 201 (No key database password supplied) . KEYWORDS: FTP SSL TLS sth . VERIFICATION STEPS: A FTP trace with option SEC shows what keyring and stash file names. This will show the stash file used is not the name of the stash file that SYSTEM SSL built.
Local fix
Create a KEYRING with a name where the last extension is 3 characters or less
Problem summary
**************************************************************** * USERS AFFECTED: All users of the IBM Communications Server * * for z/OS Version 1 Release(s) 9, 10, and * * 11 IP: FTP * **************************************************************** * PROBLEM DESCRIPTION: FTP client gets FTPAUTH: TLS INIT * * FAILED WITH RC = 201 due to the * * stash file name not matching the stash * * file name created by SYSTEM SSL. * **************************************************************** * RECOMMENDATION: * **************************************************************** When the key ring file name has an extension of 3 characters or less, then SYSTEM SSL builds the stash file by replacing the extension with .sth . In this case both SSL and FTP stash file names will match. However, if the key ring file name has a last extension which is greater than 3 characters, then SYSTEM SSL builds the stash file by taking the entire key ring file name and appending .sth . This behavior was not clearly documented by SYSTEM SSL so the FTP code incorrectly replaced the last extension with .sth regardless of its length. This results in the SSL and FTP stash file names not matching, so FTP client fails with: FC0441 ftpAuth: TLS init failed with rc = 201 (No key database password supplied) An easy circumvention for the problem is to create the key ring file name where if there are extensions, the last extension is 3 characters or less. +-------------------------------------------------------------+ + Please check our Communications Server for OS/390 homepages + + for common networking tips and fixes. The URL for these + + homepages can be found in Informational APAR II11334. + +-------------------------------------------------------------+
Problem conclusion
Temporary fix
Comments
This APAR is being closed FIN (Fixed If Next) with concurrence from the submitting customer. This means that a fix to this APAR is expected to be delivered from IBM in a release (if any) to be available within the next 24 months. This problem will be tracked as Feature F149520 by Communications Server for z/OS Development. The solution for this APAR is included in CS for z/OS Version 1 Release 12.
APAR Information
APAR number
PM01158
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
1A0
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-11-12
Closed date
2009-11-19
Last modified date
2011-04-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
R1AX PSN
UP
R1A0 PSN
UP
R18X PSN
UP
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1A0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1A0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
22 April 2011