[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: HTTPAPI GSKit access not allowed
Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>
> An extra bit of info if you have the time.
> When trying to resolve this I was searching the IBM info centre for any info
> on GSKit I could get. In particular I was trying to find a comprehensive
> list of GSKit errors & descriptions. I know you have a list in the GSKSSL_H
> source. Where can I get this from IBM ?
>
Start in the Information Center...
http://www.iseries.ibm.com/infocenter
After you've selected your region & release, there'll be two frames, on
the left will be a list of topics, and on the right will be the main text
window.
On the topics list on the left, select:
 Programming -> APIs -> APIs By Category.
In the main window, select
 Unix Type -> Secure Sockets API -> OS/400 Global Secure Toolkit
You should now have a list of GSKit APIs.  Select the one that you're
interested in reading about the errors for.
On the manual page for that API, there will be a list of possible errors
and descriptions of what causes them.  For example, the page for the
gsk_secure_soc_init() API has the following section in it:
Return Value
gsk_secure_soc_init() returns an integer. Possible values are:
[GSK_OK]
    gsk_secure_soc_init() was successful.
[GSK_INVALID_HANDLE]
    The handle specified was not valid.
[GSK_KEYRING_OPEN_ERROR]
    Certificate store file could not be opened.
[GSK_ERROR_BAD_KEYFILE_LABEL]
    The specified certificate store label is not valid.
[GSK_ERROR_BAD_V3_CIPHER]
    An SSLV3 or TLSV1 cipher suite was specified that is not valid.
[GSK_ERROR_BAD_V2_CIPHER]
    An SSLV2 cipher suite was specified that is not valid.
[GSK_ERROR_NO_CIPHERS]
    No ciphers available or no ciphers were specified.
[GSK_ERROR_NO_CERTIFICATE]
    No certificate is available for SSL processing.
[GSK_ERROR_BAD_CERTIFICATE]
    The certificate is bad.
[SSL_ERROR_NOT_TRUSTED_ROOT]
    The certificate is not signed by a trusted certificate authority.
[GSK_KEYFILE_CERT_EXPIRED]
    The validity time period of the certificate has expired.
[GSK_ERROR_BAD_MESSAGE]
    A badly formatted message was received.
[GSK_ERROR_UNSUPPORTED]
    Operation is not supported by SSL.
[GSK_ERROR_BAD_PEER]
    The peer system is not recognized.
[GSK_ERROR_CLOSED]
    The SSL session ended.
[GSK_AS400_ERROR_NO_INITIALIZE]
    A successful gsk_environment_init() was not previously called with
this handle.
[GSK_AS400_ERROR_TIMED_OUT]
    The value specified for the handshake timeout expired before the
handshake completed.
[GSK_AS400_ERROR_NOT_TCP]
    The socket descriptor type is not SOCK_STREAM or the address family is
not AF_INET or AF_INET6.
[GSK_AS400_ERROR_ALREADY_SECURE]
    The socket descriptor is already in use by another secure session.
[GSK_INSUFFICIENT_STORAGE]
    Unable to allocate storage for the requested operation.
[GSK_AS400_ERROR_INVALID_POINTER]
    The my_session_handle pointer is not valid.
[GSK_INTERNAL_ERROR]
    An unexpected error occurred during SSL processing.
[GSK_ERROR_IO]
    An error occurred in SSL processing, check errno value.
To find out what numbers correspond to the names in brackets above, you
have to check the source member that IBM gives you for using GSKit from
ILE C.  If you have the "System Openness Includes" option of OS/400
installed (that's the QSYSINC library) then you can do a:
    STRSEU SRCFILE(QSYSINC/H) SRCMBR(GSKSSL)
(Or equivalent -- obviously it'll work just as well from CODE/400, or
whatever other source editor you have...)
The error numbers are listed there...  for example:
 #define GSK_OS400_ERROR_NOT_TRUSTED_ROOT           6000
 #define GSK_OS400_ERROR_PASSWORD_EXPIRED           6001
 #define GSK_OS400_ERROR_NOT_REGISTERED             6002
 #define GSK_OS400_ERROR_NO_ACCESS                  6003
 #define GSK_OS400_ERROR_CLOSED                     6004
 #define GSK_OS400_ERROR_NO_CERTIFICATE_AUTHORITIES 6005
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------