MQ

 View Only

  • 1.  Problems with SSLCryptoHardware on Ununtu

    IBM Champion
    Posted Fri March 05, 2021 06:07 AM
    In my mqclient.ini I have


    SSL:
      #  CertificateLabel=ECEC_P
      SSLKeyRepository=/home/colinpaice/mq/zzcolin
      OCSPAuthentication=OPTIONAL
      SSLCryptoHardware=GSK_PKCS11=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so;my_key3;648219;SYMMETRIC_CIPHER_ON;

    When using this I get mqrc 2382 and the following in the amqerr01.log

    AMQ9629E: Bad SSL cryptographic hardware parameters.

    EXPLANATION:
    The following string was supplied to specify or control use of SSL
    cryptographic hardware:
    'GSK_PKCS11=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'. This string does not conform to any of the MQ SSL cryptographic parameter formats.

    The trace has     SSLCryptoHardware = 'GSK_PKCS11=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'

    The doc says separate the items in the list with the semi colon, but it looks like the semi colon has acted as an end of line and the rest of the line is ignore.  If I replace the ; with ' ' the whole string is printed.
    I am on MQ 9.2.1.0

    This feels like a very simple user error - but I cannot see it.   Has anyone had this working on Linux/Ubuntu?

    Colin




  • 2.  RE: Problems with SSLCryptoHardware on Ununtu

    IBM Champion
    Posted Fri March 05, 2021 06:52 AM
    Progress...  possible bug but missing documentation

    If you escape the ; it gets past the problem

     SSLCryptoHardware=GSK_PKCS11=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so\;my_key3\;648219\;SYMMETRIC_CIPHER_ON\;

    and the trace has

     SSLCryptoHardware = 'GSK_PKCS11=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so;my_key3;648219;SYMMETRIC_CIPHER_ON;'



    On Fri, 5 Mar 2021 at 11:06, Colin Paice <colinpaice3@gmail.com> wrote:
    In my mqclient.ini I have


    SSL:
      #  CertificateLabel=ECEC_P
      SSLKeyRepository=/home/colinpaice/mq/zzcolin
      OCSPAuthentication=OPTIONAL
      SSLCryptoHardware=GSK_PKCS11=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so;my_key3;648219;SYMMETRIC_CIPHER_ON;

    When using this I get mqrc 2382 and the following in the amqerr01.log

    AMQ9629E: Bad SSL cryptographic hardware parameters.

    EXPLANATION:
    The following string was supplied to specify or control use of SSL
    cryptographic hardware:
    'GSK_PKCS11=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'. This string does not conform to any of the MQ SSL cryptographic parameter formats.

    The trace has     SSLCryptoHardware = 'GSK_PKCS11=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'

    The doc says separate the items in the list with the semi colon, but it looks like the semi colon has acted as an end of line and the rest of the line is ignore.  If I replace the ; with ' ' the whole string is printed.
    I am on MQ 9.2.1.0

    This feels like a very simple user error - but I cannot see it.   Has anyone had this working on Linux/Ubuntu?

    Colin





    Original Message


  • 3.  RE: Problems with SSLCryptoHardware on Ununtu

    Posted Mon March 08, 2021 12:06 PM
    Hi Colin,

    Sorry to hear you've hit this issue. I had a quick look at i suspect this is undocumented behaviour in MQ. I'll dig around a little more to confirm and get a doc change in so other people don't hit this issue in the future.

    Best Wishes,

    ------------------------------
    Rob Parker
    ------------------------------

    Original Message