z/TPF - Group home

Support to generate symbolic links for SSL certificates (APAR PJ46281)

By Angel Baez posted Thu January 21, 2021 03:47 PM

  

Support to generate symbolic links for SSL certificates improves usability when you use SSL on the z/TPF system.

When you specify a file system directory for certificates in SSL, the OpenSSL package uses a hash value of the certificate to find the symbolic link for each certificate. For example, you specify a file system directory when you specify the certificate authority path (CAPATH) in the application configuration file for SSL or the CApath parameter on the SSL_CTX_load_verify_locations function.

Previously, you had to follow a tedious process to manually obtain those symbolic links for the z/TPF system. With this support, you can use ZPUBK REHASH command to generate symbolic links for the certificates in a directory. The ZPUBK REHASH command accepts a path to a directory of certificates as input, creates a symbolic link to each valid certificate, and removes any invalid symbolic links.

For more information about APAR PJ46281, see the APEDIT.