TCP/IP SERVER UPDATES FOR SSL SERVER SUPPORT
APAR Identifier ...... PK73085      Last Changed ........ 09/03/24

Symptom ...... IN INCORROUT         Status ........... CLOSED  PER
Severity ................... 4      Date Closed ......... 08/12/02
Component .......... 5735FAL00      Duplicate of ........
Reported Release ......... 540      Fixed Release ............ 999
Component Name TCP/IP V2 FOR V      Special Notice           HIPER
Current Target Date ..              Flags
SCP ...................                            FUNCTIONLOSS
Platform ............

Status Detail: SHIPMENT - Packaged solution is available for
                          shipment.

PE PTF List:

PTF List:
Release 540   : UK40952 available 08/12/12 (0901 )

Parent APAR:
Child APAR list:

ERROR DESCRIPTION:
Socket-related modifications are needed in the TCP/IP server to
correct problems that cause the z/VM 540 SSL server to loop and
report the socket errors cited here:

 ...
 DTCSSL050E mainSSL accept failed with rc: -1 errno: 122
 DTCSSL050E mainSSL accept failed with rc: -1 errno: 113
 ...

LOCAL FIX:
NONE.

PROBLEM SUMMARY:
****************************************************************
* USERS AFFECTED: ALL USERS OF THE Z/VM SSL SERVER             *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
****************************************************************
* RECOMMENDATION: APPLY PTF                                    *
****************************************************************
After establishing multiple SSL protected connections using the
z/VM SSL server, when all connections are terminated
simultaneously, the following error messages may be reported
continuously on the SSL server console:

 ....
 DTCSSL050E mainSSL accept failed with rc: -1 errno: 122
 DTCSSL050E mainSSL accept failed with rc: -1 errno: 113
 ....

While the SSL server is in the above condition, the TCP/IP stack
console may report the following error messages:

 ....
 hh:mm:ss DTCAPI001I IucvCheckRc: IUCV retcc 2 iprcode 0 on path n function 6
 hh:mm:ss DTCAPI002I Userid SSLSERV TheSockNumber nn
 ....
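The two console signatures described above can be checked mechanically across saved console logs. The Python below is an added example, not IBM code: the message layouts are the ones quoted in this APAR, while the function names, the run threshold of 4 and the sample console lines are constructed for illustration.

```python
import re

# Message layouts are the ones quoted in this APAR; everything else is assumed.
SSL_ACCEPT = re.compile(
    r"DTCSSL050E mainSSL accept failed with rc: (-?\d+) errno: (\d+)")
IUCV_RC = re.compile(
    r"DTCAPI001I IucvCheckRc: IUCV retcc (\d+) iprcode (\d+) "
    r"on path (\d+) function (\d+)")
IUCV_USER = re.compile(r"DTCAPI002I Userid (\S+) TheSockNumber (\d+)")
LOOP_ERRNOS = {113, 122}  # errno values reported by the looping accept

def accept_loop_length(lines, threshold=4):
    """Longest run of consecutive rc -1 / errno 113|122 accept failures,
    or 0 when the run is shorter than threshold (an assumed tuning value)."""
    longest = run = 0
    for line in lines:
        m = SSL_ACCEPT.search(line)
        hit = m and m.group(1) == "-1" and int(m.group(2)) in LOOP_ERRNOS
        run = run + 1 if hit else 0
        longest = max(longest, run)
    return longest if longest >= threshold else 0

def severed_paths(lines, ssl_userid="SSLSERV"):
    """(path, socket) pairs where DTCAPI001I retcc 2 / function 6 is
    immediately followed by DTCAPI002I naming the SSL server user ID."""
    hits, pending = [], None
    for line in lines:
        rc = IUCV_RC.search(line)
        if rc:
            retcc, _iprcode, path, function = map(int, rc.groups())
            pending = path if (retcc, function) == (2, 6) else None
            continue
        user = IUCV_USER.search(line)
        if user and pending is not None and user.group(1) == ssl_userid:
            hits.append((pending, int(user.group(2))))
        pending = None
    return hits

def matches_apar_signature(ssl_console, tcpip_console):
    return bool(accept_loop_length(ssl_console)) and bool(severed_paths(tcpip_console))

# Constructed sample consoles (not captured from a real system).
SSL_CONSOLE = ["DTCSSL050E mainSSL accept failed with rc: -1 errno: 122",
               "DTCSSL050E mainSSL accept failed with rc: -1 errno: 113"] * 3
TCPIP_CONSOLE = [
    "10:15:02 DTCAPI001I IucvCheckRc: IUCV retcc 2 iprcode 0 on path 5 function 6",
    "10:15:02 DTCAPI002I Userid SSLSERV TheSockNumber 12"]

if __name__ == "__main__":
    print(accept_loop_length(SSL_CONSOLE), severed_paths(TCPIP_CONSOLE))
```

A hit on both consoles at once is the condition this APAR addresses; a short burst of accept failures on its own stays below the threshold and is not reported.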
PROBLEM CONCLUSION:
PROBLEM:
When the SSL server handles the closing of an SSL connection,
the TCP/IP server is told to cancel a prior socket RECV
operation. However, the socket CANCEL requires that the TCP/IP
server report return code -1 and errno 1009 to the RECV
operation being canceled. If the OpenExtensions socket library
performs the CANCEL of the prior RECV and returns to the
application before SkSimpleResponse in the TCP/IP server issues
IUCV REPLY for the canceled operation, the IUCV REPLY may fail
unnoticed with CC=1 IPRCODE=X'18'. As a result of the failure,
SkSimpleResponse calls SSkSimpleResponse. SSKSimpleResponse also
attempts an IUCV REPLY, which fails; the following error
messages are displayed and the IUCV connection between TCP/IP
and the SSL server is severed:

 hh:mm:ss DTCAPI001I IucvCheckRc: IUCV retcc 2 iprcode 0 on path n function 6
 hh:mm:ss DTCAPI002I Userid SSLSERV TheSockNumber nn

The severing of the IUCV path results in the SSL server failing
and continuously producing the error messages:

 ...
 DTCSSL050E mainSSL accept failed with rc: -1 errno: 122
 DTCSSL050E mainSSL accept failed with rc: -1 errno: 113
 ...

APARs PK73085 and VM64540 are required to fix both of these
problems related to SSL.

SOLUTION:
The Inter-User Communication Vehicle (IUCV) Sockets interface to
the TCP/IP server has been modified to provide a new version of
the existing CANCEL function, CANCEL2. While CANCEL causes
TCP/IP to respond to the canceled call with a return code of -1
and an errno value of 1009, CANCEL2 will not.

The following parts are changed to provide the functionality for
the CANCEL2 socket call: CMSOCK COPY, TCPEQUAT COPY, CMPRCOM
PASCAL and TCSOCKRE PASCAL.

DOCUMENTATION UPDATE:
z/VM V5R4.0 TCP/IP Programmer's Reference (SC24-6126-02)
Chapter 4. Inter-User Communication Vehicle Sockets
IUCV Socket Calls

CANCEL
CANCEL and CANCEL2

The CANCEL and CANCEL2 calls are used to cancel a previously
issued socket call.
For the CANCEL call, TCP/IP responds to the canceled call with a
return code of -1 and an errno value of 1009. For the CANCEL2
call, TCP/IP does not send a response to the canceled call.
CANCEL2 is supported only for AF_INET.

Keyword   Value
TRGCLS    High-order halfword = 42 (CANCEL)
          High-order halfword = 43 (CANCEL2 is for af_inet only)
          Low-order halfword = Low-order halfword of TRGCLS from
          call to be canceled.
DATA      PRMMSG
PRMMSG    High-order fullword = High-order halfword of TRGCLS
          from call to be canceled.
          Low-order fullword = IUCV message ID of call to be
          canceled.
ANSLEN    8
ANSBUF    Points to a buffer to contain the reply from TCP/IP:

+------+-----+------+----------------------------------------+
|Offset|Name |Length| Comments                               |
+------+-----+------+----------------------------------------+
|  0   | rc  |  4   | The return code from the CANCEL call.  |
|      |     |      | A return code of 0 indicates that the  |
|      |     |      | call was successful. A return code of  |
|      |     |      | -1 indicates that the function could   |
|      |     |      | not be completed and that errno        |
|      |     |      | contains a reason code.                |
+------+-----+------+----------------------------------------+
|  4   |errno|  4   | When the return code is -1, this field |
|      |     |      | contains a reason code. Possible       |
|      |     |      | errno values are:                      |
|      |     |      |                                        |
|      |     |      | 3    Specifies that the call           |
|      |     |      |      cannot be found. TCP/IP           |
|      |     |      |      might have already responded      |
|      |     |      |      to it.                            |
|      |     |      |                                        |
|      |     |      | 22   Specifies that the call is        |
|      |     |      |      not a type that may be            |
|      |     |      |      canceled.                         |
+------+-----+------+----------------------------------------+

TEMPORARY FIX:
*********
* HIPER *
*********

COMMENTS:

MODULES/MACROS:   ALLMACRO CMPRCOM  CMSOCK   COMMTXT  TCPEQUAT
                  TCPIP    TCSOCKRE
SRLS:             SC24612602
RTN CODES:
CIRCUMVENTION:
MESSAGE TO SUBMITTER:
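
The CANCEL and CANCEL2 request fields and the 8-byte ANSBUF reply documented in the table above, worked through in Python as an added example (not IBM code and not taken from the Programmer's Reference). Assumptions: fields are big-endian signed or unsigned 32-bit words as on z/Architecture, and the function names and the TRGCLS and message ID of the pending call are constructed.

```python
import struct

CANCEL, CANCEL2 = 42, 43  # TRGCLS high-order halfword values from the table
CANCELED_CALL_REPLY = (-1, 1009)  # rc/errno the canceled call gets under CANCEL
ERRNO_TEXT = {
    3: "call cannot be found; TCP/IP might have already responded to it",
    22: "call is not a type that may be canceled",
}

def build_cancel(target_trgcls, target_msgid, *, cancel2=False, af_inet=True):
    """Return (TRGCLS, PRMMSG) for canceling a pending call, given that
    call's own TRGCLS and IUCV message ID."""
    if cancel2 and not af_inet:
        raise ValueError("CANCEL2 is supported only for AF_INET")
    function = CANCEL2 if cancel2 else CANCEL
    trgcls = (function << 16) | (target_trgcls & 0xFFFF)
    # PRMMSG is two fullwords; big-endian layout is an assumption of this example.
    prmmsg = struct.pack(">II", (target_trgcls >> 16) & 0xFFFF,
                         target_msgid & 0xFFFFFFFF)
    return trgcls, prmmsg

def canceled_call_reply(trgcls):
    """Reply TCP/IP sends to the canceled call itself: (-1, 1009) for
    CANCEL, None for CANCEL2 (no response is sent)."""
    return CANCELED_CALL_REPLY if (trgcls >> 16) == CANCEL else None

def parse_ansbuf(ansbuf):
    """Decode the 8-byte ANSBUF reply to the CANCEL or CANCEL2 call."""
    if len(ansbuf) != 8:
        raise ValueError("ANSLEN is 8")
    rc, errno = struct.unpack(">ii", ansbuf)
    if rc == 0:
        return rc, None, "cancel succeeded"
    return rc, errno, ERRNO_TEXT.get(errno, "errno not listed in the table")

# Constructed values: TRGCLS and IUCV message ID of a pending call.
PENDING_TRGCLS, PENDING_MSGID = 0x00100007, 0x00001234

if __name__ == "__main__":
    for use_cancel2 in (False, True):
        trgcls, prmmsg = build_cancel(PENDING_TRGCLS, PENDING_MSGID,
                                      cancel2=use_cancel2)
        print(f"{trgcls:#010x}", prmmsg.hex(), canceled_call_reply(trgcls))
    print(parse_ansbuf(struct.pack(">ii", -1, 3)))
```

An errno of 3 in ANSBUF is the outcome of the race described under PROBLEM: TCP/IP has already answered the call by the time the cancel arrives.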