Please login or register. December 15, 2018, 09:30:21 PM

Author Topic: NIM + SSL  (Read 16157 times)

0 Members and 1 Guest are viewing this topic.

eckertd

  • Jr. Member
  • **
  • Posts: 6
  • Karma: +0/-0
NIM + SSL
« on: January 20, 2009, 02:25:13 PM »
Has anyone enabled cryptographic authentication on their NIM master using OpenSSL 0.9.8.601 (or later)? 

This version(s) is delivered in installp format (from https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp/bin/ar -v -x /usr/lib/libssl.a /usr/lib/libssl.so.0
ar: 0707-109 Member name /usr/lib/libssl.so.0 does not exist.


Seems libssl.so.0 and libcrypto.so.0 are not delivered by openssl.base, at least not in v0.9.8.601.

Do you think it'd be ok to comment out the 'ar' lines and let the make complete?



wojtekr72

  • Registered
  • *
  • Posts: 1
  • Karma: +0/-0
Re: NIM + SSL
« Reply #1 on: April 06, 2009, 06:15:27 PM »
You should edit this script and change
/bin/ar -v -x /usr/lib/libssl.a /usr/lib/libssl.so.0
to
/bin/ar -v -x /usr/lib/libssl.a /usr/lib/libssl.so.0.9.8

But this not solving my issue, after succesfull client deployment each nim operation ends with errors:

0042-001 nim: processing error encountered on "master":
   0042-006 m_showlog: (From_Master) connect A connection with a remote socket was reset by that socket.

        0042-404 nconn: Error connecting to SSL object.
        0042-406 nconn: Error verifying SSL object after connection.
nconn: kwtdb01: A connection with a remote socket was reset by that socket.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1101
  • Karma: +0/-0
Re: NIM + SSL
« Reply #2 on: April 07, 2009, 07:10:10 AM »
I run into problems similar to this when I port/compile opensource packages. Often it is enough to add a symbolic link from what is demanded to what is offered.

However, in the case of nim and ssl I fear they will be greater problems: you might be able to patch the server - patching the client is going to be more tedious.

My approach would be to get what I hope is a proper server setup, and then carefully make - and document - changes to a client so that I can create a script that can reconfigure clients to work with an openssh enabled nim server.

Have you considered using the new nimsh interface instead? Maybe that is sufficient for your needs!