Oh yes. We've been doing it that way for years. Trying to add the ability to secure the log in process.
On Fri, May 9, 2014 at 11:42 AM, Gibney, Dave <gib...@wsu.edu> wrote: > I haven't used SSL client verification by certificate, so you are past my > knowledge. As an experiment, can you get a working connection using > userid/password authentication. > > > -----Original Message----- > > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > > On Behalf Of Mark Pace > > Sent: Friday, May 09, 2014 5:47 AM > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: Re: z/OS FTPS Client & Linux FTP server > > > > I was able to get the Trace to work - after removing the -r TLS, that > > generated an error. > > *EZA2892I Secure port 21 does not allow the -a or -r start parameter * > > > > And from that trace it appears, to me, that the FTP server is not > > responding correctly to the z/OS client handshake. > > > > 05/08/2014-16:46:27 Thd-0 INFO send_v3_client_hello(): Sent V3 CLIENT- > > HELLO message > > 05/08/2014-16:46:27 Thd-0 ASCII send_v3_client_hello(): V3 CLIENT-HELLO > > message > > 00000000: 0100002b 0301536b ed23cf50 8d72c5f7 > > *...+..Sk.#.P.r..* > > 00000010: 201c1c84 2fef8ce6 3228c3b3 8de37177 * > > .../...2(....qw* > > 00000020: a3e6e150 a3c50000 0400ff00 050100 > > *...P........... > > * > > 05/08/2014-16:46:27 Thd-0 INFO gsk_write_v3_record(): Calling write > > routine for 52 bytes > > 05/08/2014-16:46:27 Thd-0 INFO gsk_write_v3_record(): 52 bytes written > > 05/08/2014-16:46:27 Thd-0 INFO gsk_read_v3_record(): Calling read > > routine for 5 bytes > > 05/08/2014-16:46:27 Thd-0 INFO gsk_read_v3_record(): 5 bytes received > > 05/08/2014-16:46:27 Thd-0 ERROR gsk_read_v3_record(): Content Type 50 > > is not supported > > 05/08/2014-16:46:27 Thd-0 ASCII gsk_read_v3_record(): SSL record header > > 00000000: 3232302d 57 *220-W > > * > > 05/08/2014-16:46:27 Thd-0 ERROR gsk_secure_socket_init(): SSL V3 client > > handshake failed with 10.6.0.15[21] > > > > > > > > On Wed, May 7, 2014 at 4:03 PM, Gibney, Dave <gib...@wsu.edu> wrote: > > > > > Add this to the FTP Client job parms: > > > // > > PARM=('ENVAR("GSK_TRACE=0XFFFF","GSK_TRACE_FILE=/tmp/gskwix.trc")', > > > // '/-r TLS (TRACE EXIT') > > > > > > There is a formatted documented with gsktrace. Should get you to the > > > exact error when you format gskwix.trc > > > > > > > -----Original Message----- > > > > From: IBM Mainframe Discussion List > > > > [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Mark Post > > > > Sent: Wednesday, May 07, 2014 12:55 PM > > > > To: IBM-MAIN@LISTSERV.UA.EDU > > > > Subject: Re: z/OS FTPS Client & Linux FTP server > > > > > > > > Mark, > > > > > > > > This may be yet another case where running strace or ltrace on the > > > > server side will give you some insight into what is going on. If > > > > you don't > > > want to go > > > > down that road, i would say it's time to open up a PMR with IBM. > > > > > > > > > > > > Mark Post > > > > > > > > ------------------------------------------------------------------- > > - > > > > -- For IBM-MAIN subscribe / signoff / archive access instructions, > > > > send > > > email to > > > > lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > > > --------------------------------------------------------------------- > > - > > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > > > > > > > > -- > > The postings on this site are my own and don’t necessarily represent > > Mainline’s positions or opinions > > > > Mark D Pace > > Senior Systems Engineer > > Mainline Information Systems > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
