Author Topic: NIM + SSL  (Read 21309 times)

« on: January 20, 2009, 02:25:13 PM »
Has anyone enabled cryptographic authentication on their NIM master using OpenSSL (or later)? 

This version(s) is delivered in installp format (from  and installed to /usr). 

The SMIT script and backing makefile (/usr/samples/nim/ssl/ assume the OpenSSL delivered in RPM format (and installed in /opt/freeware).

I've modified the makefile to point to /usr instead of /opt/freeware and ran the make command as indicated in the SMIT script.  It seems to go well until the 'ar' commands at the end:

/bin/ar -v -x /usr/lib/libssl.a /usr/lib/
ar: 0707-109 Member name /usr/lib/ does not exist.

Seems and are not delivered by openssl.base, at least not in v0.9.8.601.

Do you think it'd be ok to comment out the 'ar' lines and let the make complete?


« Reply #1 on: April 06, 2009, 06:15:27 PM »
You should edit this script and change
/bin/ar -v -x /usr/lib/libssl.a /usr/lib/
/bin/ar -v -x /usr/lib/libssl.a /usr/lib/

But this is not solving my issue: after successful client deployment, each nim operation ends with errors:

0042-001 nim: processing error encountered on "master":
   0042-006 m_showlog: (From_Master) connect A connection with a remote socket was reset by that socket.

        0042-404 nconn: Error connecting to SSL object.
        0042-406 nconn: Error verifying SSL object after connection.
nconn: kwtdb01: A connection with a remote socket was reset by that socket.


« Reply #2 on: April 07, 2009, 07:10:10 AM »
I run into problems similar to this when I port/compile opensource packages. Often it is enough to add a symbolic link from what is demanded to what is offered.

However, in the case of nim and ssl I fear there will be greater problems: you might be able to patch the server - patching the client is going to be more tedious.

My approach would be to get what I hope is a proper server setup, and then carefully make - and document - changes to a client so that I can create a script that can reconfigure clients to work with an openssh enabled nim server.

Have you considered using the new nimsh interface instead? Maybe that is sufficient for your needs!