PJ41170: ENHANCE INETD SERVER FOR Z/TPF TO INCLUDE AN SSL MODEL.

APAR status

  • Closed as program error.

Error description

  • See Problem Summary.
    

Local fix

  • n/a
    

Problem summary

  • APAR NUMBER:  PJ41170
    PRODUCT:  z/TPF
    FUNCTIONAL AREA:  TCP/IP APPLICATION LAYER
    SHIPPED IN PUT:  10
    
    ABSTRACT:
    Enhance z/TPF Internet Daemon (INETD) support to include an SSL
    model.
    
    PACKAGE CONTENTS:
    Source Segments:
    (C) base/cntl/tpf_app_base.cntl
    (C) base/cntl/tpf_app_base_ux.cntl
    (N) base/include/tpf/cussl.h
    (N) base/include/tpf/inetdssl.h
    (C) base/include/tpf/i_netd.h
    (C) base/rt/cinet1.c
    (C) base/rt/cinet2.c
    (C) base/rt/cinet3.c
    (C) base/rt/cinet4.c
    (C) base/rt/cinet5.c
    (C) base/rt/cinetb.c
    (N) base/rt/cinetc.c
    (N) base/rt/cltc.mak
    (C) base/rt/cltx.mak
    (C) base/rt/ctkr.asm
    (N) base/rt/ussl.c
    (N) base/rt/ussl.mak
    
    Object Only Binaries:
    None.
    
    Configuration Independent Binaries:
    (N) base/lib/libCLTC.so
    (C) base/lib/libCLTV.so
    (C) base/lib/libCLTY.so
    (C) base/load/CLTB.so
    (N) base/load/CLTC.so
    (C) base/load/CLTV.so
    (C) base/load/CLTW.so
    (C) base/load/CLTX.so
    (C) base/load/CLTY.so
    (C) base/load/CTKR.so
    (C) base/obj/cinet1.o
    (C) base/obj/cinet2.o
    (C) base/obj/cinet3.o
    (C) base/obj/cinet4.o
    (C) base/obj/cinet5.o
    (C) base/obj/cinetb.o
    (N) base/obj/cinetc.o
    (C) base/obj/ctkr.o
    
    Support Files:
    base/lst/cinet1.lst
    base/lst/cinet2.lst
    base/lst/cinet3.lst
    base/lst/cinet4.lst
    base/lst/cinet5.lst
    base/lst/cinetb.lst
    base/lst/cinetc.lst
    base/lst/ctkr.lst
    base/lst/CLTB.map
    base/lst/CLTC.map
    base/lst/CLTV.map
    base/lst/CLTW.map
    base/lst/CLTX.map
    base/lst/CLTY.map
    base/lst/CTKR.map
    
    OTHER BINARIES TO BUILD: YES
    (N) <sys>/lib/libUSSL.so
    (N) <sys>/load/USSL.so
    (N) <sys>/obj/ussl.o
    (C) <sys>/load/IPAT.so
    (C) <sys>/stdlib/libTPFSTUB.so
    (C) <sys>/stdload/TPFSTUB.so
    (C) <sys>/obj/ipat.o
    
    COMMENTS:
    The z/TPF system can enable shared secure sockets layer (SSL)
    sessions across multiple processes. To use shared SSL sessions,
    SSL server applications create and manage a context (CTX)
    structure that is shared by all of the SSL sessions for the
    application. These applications also issue the SSL functions
    needed to set up and complete the SSL handshake with an SSL
    client. However, using shared SSL sessions does not ensure that
    shared SSL server applications are written efficiently. Shared
    SSL server applications can consume a large amount of resources
    if they are not written efficiently. For example, a shared SSL
    server application program can create one CTX structure for
    each SSL session instead of creating one CTX for each SSL
    application. By creating one CTX per SSL session, more system
    resources are consumed and more file system input/output (I/O)
    is performed, thus decreasing the efficiency of the server
    application. A new Internet Daemon model is needed to create
    the CTX and issue the SSL functions needed to complete the SSL
    handshake with other SSL clients in order to spare the SSL
    application from issuing those functions and improve the
    efficiency of the application.
    There is also a base z/TPF problem in which the z/TPF CRAS to
    1052 schedule does not stop the SSL daemon on system
    cycle-down. When the system cycles back to CRAS state or above,
    the SSL daemon is not started because it was not stopped during
    the system cycle-down.
    

Problem conclusion

  • SOLUTION:
    z/TPF Internet Daemon support has been enhanced to include an
    SSL model. This new model will issue the SSL functions needed
    to complete the handshake with the SSL client and share SSL
    sessions across multiple processes. In addition, the new
    Internet Daemon model will create and manage the CTX structure
    that is shared by all sessions of a server application. A new
    user exit, the INETD SSL model server application user exit
    (USSL), has been created to allow users to perform
    initialization and cleanup tasks when an INETD SSL server is
    being started or stopped.
    Users of the new INETD SSL model will need to provide a new
    application configuration file for SSL. This configuration file
    must be placed in a new directory called /etc/inetd/ssl and use
    the following naming convention:
    /etc/ssl/inetd/servername.conf, where servername is the name of
    the z/TPF SSL server to be created and managed by the INETD SSL
    model. In addition, users of the INETD SSL model must provide
    the server application programs that read and write data to and
    from each SSL client and handle the freeing of the SSL
    structure and the closing of the connection.
    With the new INETD SSL model support installed, the application
    program is freed from creating and managing the SSL context
    structure and from setting up and completing the SSL handshake.
    This allows applications to become simpler and more efficient.
    This APAR also ensures that the z/TPF CRAS to 1052 schedule in
    program ctkr.asm stops the SSL daemons on system cycle-down.
    
    COREQS: NO
    None.
    
    MIGRATION CONSIDERATIONS: YES
    Functional, automation, and operation changes:
    A new value, SSL, has been defined for the MODEL parameter of
    the ZINET ADD command.  New message IDs
    INET0133E, INET0134E, INET0135E, INET0136W, INET0140E,
    INET0141E, INET0142E, INET0143E, and INET0144E have been
    created.
    Application programming interface (API) changes:
    Program cinetc.c issues an __ENTDC() function to enter the SSL
    server application. Program cinetc.c will provide the following
    interface to the server application:
    EBROUT of the ECB work area is set to 0.
    EBW008-EBW011 contains the client connection socket.
    EBW016-EBW023 contains the parameter string specified with the
    PARM parameter of the ZINET ADD command.
    EBW023-EBW031 contains the SSL token associated with the new
    SSL session.
    
    User exit changes:
    A new user exit, the INETD SSL model server application user
    exit (USSL), has been created to allow customers to perform
    initialization tasks when an INETD SSL model server is being
    started or cleanup operations when the server is being stopped.
    Communications changes:
    Users of the new INETD SSL model will need to provide a new
    application configuration file for SSL. This configuration file
    must be placed in a new directory called /etc/inetd/ssl and use
    the following naming convention:
    /etc/ssl/inetd/servername.conf, where servername is the name of
    the z/TPF SSL server to be created and managed by the INETD SSL
    model.
    Coexistence, migration, and fallback considerations:
    When adding servers for the INETD SSL model with the ZINET ADD
    command, the servers will be added to the Internet daemon
    configuration file for all images on a z/TPF system. These
    images must have the code for this APAR installed or an
    OPR-7707 system error (INETD LISTENER MODEL ERROR) will occur
    if the INETD SSL server is started on those images that do not
    have the APAR installed.
    
    BUILD COMMANDS AND INSTRUCTIONS: YES
    #maketpf commands for linux
    maketpf -f USSL ussl.o
    maketpf -f CTKR ctkr.o
    maketpf -f CLTY cinet2.o cinet5.o
    maketpf -f CLTB cinetb.o
    maketpf -f CLTC cinetc.o
    maketpf -f CLTV cinet1.o
    maketpf -f CLTW cinet3.o
    maketpf -f CLTX cinet4.o
    maketpf -f TPFSTUB
    maketpf -f IPAT
    maketpf USSL link TPF_VERIFY_LINK_REFS=NO
    maketpf CTKR link
    maketpf CLTY link TPF_VERIFY_LINK_REFS=NO
    maketpf CLTB link
    maketpf CLTC link TPF_VERIFY_LINK_REFS=NO
    maketpf CLTV link
    maketpf CLTW link
    maketpf CLTX link TPF_VERIFY_LINK_REFS=NO
    maketpf USSL link
    maketpf CLTY link
    maketpf CLTC link
    maketpf CLTX link
    
    UPDATED INFORMATION UNITS: YES
    z/TPF and z/TPFDF Migration Guide: PUT 2 and Later
    z/TPF and z/TPFDF System Installation and Support Reference
    z/TPF Application Programming
    z/TPF Concepts and Structures
    z/TPF Messages (Online, SQLCODEs, and errno Values)
    z/TPF Messages (System Error, Offline, and Program Status Word)
    z/TPF Operations
    z/TPF Security
    z/TPF TCP/IP
    
    See your IBM representative if you need additional information.
    
    DOWNLOAD INSTRUCTIONS:
    http://www.ibm.com/software/htp/tpf/maint/maintztpf.html
    
    APAR URL:
    http://www.ibm.com/software/htp/tpf/ztpfmaint/put10/PJ41170.htm
    

Temporary fix

Comments

APAR Information

  • APAR number

    PJ41170

  • Reported component name

    Z/TPF

  • Reported component ID

    5748T1501

  • Reported release

    110

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-04-19

  • Closed date

    2013-10-23

  • Last modified date

    2013-10-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Publications Referenced
SK2T8062        

Fix information

  • Fixed component name

    Z/TPF

  • Fixed component ID

    5748T1501

Applicable component levels

  • R110 PSY

       UP


