A fix is available
APAR status
Closed as program error.
Error description
Attempting to debug a failing CICS SSL Application using the SSL GSKSRVR Component Trace displays the following error: . CICS MESSAGE 00000004 09:14:39.277108 SSL_ERROR Job CICSNAME Process 00020136 Thread 00000001 default_setsocketoptions fcntl(F_GETFL) failed for socket 766487040: 113 - EDC5113I Bad file descriptor. . System SSL will put out this message when the File Descriptor that was passed to us is not a valid file descriptor. SSL will continue processing because it's not known if the application is sending us a pointer to a structure instead of the actual file descriptor. Therefore, the SSL Handshake will continue despite the error shown above. . The message is issued due to CICS not supplying a callback routine for SETSOCKETOPTIONS. This causes system SSL to use the native TCPIP routine which then fails with EBADF because the file desciptor passed to it is not a real file descriptor. CICS should provide a callback for the setsocketoptions call. . Additional Symptom(s) Search Keyword(s): KIXREVRJL
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users * **************************************************************** * PROBLEM DESCRIPTION: An SSL component trace taken during a * * CICS SSL handshake process contains * * SSL_ERROR entries, but the handshake is * * successful. * **************************************************************** * RECOMMENDATION: * **************************************************************** CICS has not provided an io_setsocketoptions() callback routine to be used during the SSL handshake process, so System SSL attempts to use the default routine. However the socket descriptor passed to this routine is not a true socket descriptor, but is an internal token used by CICS. The default routine attempts an fcntl(F_GETFL) function, which fails with an EBADF response because of the invalid socket descriptor. The handshake is successful, but a SOCKET_ERROR condition is logged on the System SSL component trace. This can lead to misleading diagnostics. Additional keywords: MSGEDC5113I EDC5113I gsk_secure_socket_init
Problem conclusion
DFHSOSE has been changed to supply a dummy version of the io_setsocketoptions() callback routine.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PM78273
Reported component name
CICS TS Z/OS V4
Reported component ID
5655S9700
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-12-03
Closed date
2013-03-26
Last modified date
2013-05-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PM85135 UK93344 UK93345 UK93346
Modules/Macros
DFHLEPT@
Fix information
Fixed component name
CICS TS Z/OS V4
Fixed component ID
5655S9700
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.2","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
03 May 2013