ASSERTION ERRORS IN TCPIP LEAD TO SSL FAILURES
APAR Identifier ...... PI30359 Last Changed ........ 15/02/16 ASSERTION ERRORS IN TCPIP LEAD TO SSL FAILURES Symptom ...... IN INCORROUT Status ........... CLOSED PER Severity ................... 2 Date Closed ......... 14/12/17 Component .......... 5735FAL00 Duplicate of ........ Reported Release ......... 630 Fixed Release ............ 999 Component Name TCP/IP V2 FOR V Special Notice Current Target Date .. Flags SCP ................... Platform ............ Status Detail: SHIPMENT - Packaged solution is available for shipment. PE PTF List: PTF List: Release 540 : UI24260 available 15/01/07 (1501 ) Release 620 : UI24025 available 15/01/07 (1000 ) Release 630 : UI24026 available 15/01/07 (1501 ) Parent APAR: Child APAR list: ERROR DESCRIPTION: The TCP/IP stack is hitting assertion errors such as the following during its handling of incoming SSL connections: . AMPX036I ASSERTION FAILURE CHECKING ERROR TRACE BACK OF CALLED ROUTINES ROUTINE STMT AT ADDRESS IN MODULE DOCONNECTIONSTATECHANGED 46 00DDEA50 SOCKREQ SSKNOTICE 54 00DDF31E SOCKREQ FASTNOTIFY 11 00D06D96 TCPUP SWORKON 75 00D094E0 TCPUP UpToTcp 3318 00E10A40 UpToIp 1112 00E0F7B6 QdioUnpa 1444 00E1CC92 QDIO_Pol 334 00E1C158 Schedule 802 00CD0A14 <MAIN-PROGRAM> 14 00C0B1FE TCPIP VSPASCAL 00E4722A . AMPX036I ASSERTION FAILURE CHECKING ERROR TRACE BACK OF CALLED ROUTINES ROUTINE STMT AT ADDRESS IN MODULE REMOVFRTCB 11 00CBFF80 TCQUEUE_QU DOCONNECTIONSTATECHANGED 40 00DDE9AE SOCKREQ SSKNOTICE 54 00DDF31E SOCKREQ FindAndS 88 00E124D2 Notify 168 00E12726 Schedule 2082 00CD0F14 <MAIN-PROGRAM> 14 00C0B1FE TCPIP VSPASCAL 00E4722A . These assertions are due to invalid data in the TCB structure and may eventually lead to abends in the TCP/IP stack or loss of SSL connectivity. LOCAL FIX: PROBLEM SUMMARY: **************************************************************** * USERS AFFECTED: All users of the z/VM TCP/IP SSL (Secure * * Socket Layer) server * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** The TCP/IP stack is hitting assertion errors such as the following during its handling of incoming SSL connections: . AMPX036I ASSERTION FAILURE CHECKING ERROR TRACE BACK OF CALLED ROUTINES ROUTINE STMT AT ADDRESS IN MODULE DOCONNECTIONSTATECHANGED 46 00DDEA50 SOCKREQ SSKNOTICE 54 00DDF31E SOCKREQ FASTNOTIFY 11 00D06D96 TCPUP SWORKON 75 00D094E0 TCPUP UpToTcp 3318 00E10A40 UpToIp 1112 00E0F7B6 QdioUnpa 1444 00E1CC92 QDIO_Pol 334 00E1C158 Schedule 802 00CD0A14 <MAIN-PROGRAM> 14 00C0B1FE TCPIP VSPASCAL 00E4722A . AMPX036I ASSERTION FAILURE CHECKING ERROR TRACE BACK OF CALLED ROUTINES ROUTINE STMT AT ADDRESS IN MODULE REMOVFRTCB 11 00CBFF80 TCQUEUE_QU DOCONNECTIONSTATECHANGED 40 00DDE9AE SOCKREQ SSKNOTICE 54 00DDF31E SOCKREQ FindAndS 88 00E124D2 Notify 168 00E12726 Schedule 2082 00CD0F14 <MAIN-PROGRAM> 14 00C0B1FE TCPIP VSPASCAL 00E4722A . These assertions are due to invalid data in the TCB structure and may eventually lead to abends in the TCP/IP stack or loss of SSL connectivity. PROBLEM CONCLUSION: In part TCQUEUE PASCAL, the ReuseTCB routine (which prepares a TCB for re-use, by cleaning up appropriate fields) has been updated in order to set PrevFrustrated and NextFrustrated (that are later reused) to be nil. If the code finds there is data in the PrevFrustrated and NextFrustrated, which means the TCB is in a queue, it will remove the TCB from the queue decrease the queue size by 1. . In part T6PSSL and TCPSSL PASCAL, both the VSkSslAcc and SkSslAcc routine (which handles accept processing) have been updated in order to handle TCB error. The code will now detect that whether the TCB got from the accept queue is nil. If nil, it means there is no TCB in the accept queue to handle the secure connection, the code will then fail the connection attempt. With these updates, the code will also display one of two new error messages (documented below) to the TCPIP console log any time this error occurs. . --------------------------------------------------------------- . The two new error messages will be documented on page 510 in Chapter 18 (TCP/IP Server Messages), Section 18.2 (Numbered Messages) of the TCP/IP Messages and Codes manual (GC24-6237-06) as follows: . DTCSSL059E SkSslAcc: TCB is nil, connection will be rejected . EXPLANATION: An error occurred while TCP/IP was trying to accept a secure connection due to there is no TCB in the accept queue. . SYSTEM ACTION: TCP/IP fails the connection attempt. TCP/IP continues. . SYSTEM PROGRAMMER RESPONSE: None. ------------------------------------------------------------- DTCSSL060E VSkSslAcc: TCB is nil, connection will be rejected . EXPLANATION: An error occurred while TCP/IP was trying to accept a secure connection due to there is no TCB in the accept queue. . SYSTEM ACTION: TCP/IP fails the connection attempt. TCP/IP continues. . SYSTEM PROGRAMMER RESPONSE: None. TEMPORARY FIX: COMMENTS: MODULES/MACROS: MSTCP TCPSSL TCQUEUE T6PSSL SRLS: GC24623706 RTN CODES: CIRCUMVENTION: MESSAGE TO SUBMITTER: