I started my first professional programming job in January of 1969, working
with DOS/360. DLBL, EXTENT and TLBL cards existed but they were new -- the "old
timers" still used DLAB, XTENT and TLAB. So that gives you an approximate
timeframe.
As @Shmeel has said, DOS definitely supported VTOCs.
You know, I don't think I have ever had to think about it. I just started using
WS_FTP and it just worked. My C { braces } and [ brackets ] and my Rexx |. (I
use \ for logical not.)
Perhaps I have forgotten some issue. But I use WS_FTP across four systems, some
of them relatively new to me, so
I'm late to the party here so I'm not sure if what I quote below is the
original query but unless I am missing something, most or all of the Windows
graphical FTP clients will do that. FileZilla is free. WS_FTP may be free for
individual use. There may be others. They will graphically expand a
Are you certain?
"minutes Specifies the maximum number of minutes a job may use the processor."
Seems to pretty clearly say processor (CPU) time.
Charles
On Thu, 9 May 2024 15:35:54 +, Hayim Sokolsky
wrote:
>In truth, TIME= is “wall time” and not CPU time. How many real-world minutes
On Thu, 2 May 2024 03:20:20 +, Timothy Sipples wrote:
>Charles Mills wrote:
>>I meant "obvious" in the sense of "it's the official Splunk solution."
>
>Is it? I haven�t found that sort of statement. Am I not looking hard enough?
>And even if so would t
duct
which entered this world as Type 80, the first product in the space, the first
product to integrate SMF with server industry security products.
Charles
On Tue, 30 Apr 2024 04:26:34 +0000, Timothy Sipples wrote:
>Charles Mills wrote:
>>For getting the data from MVS to Splunk, th
Yes! I can't believe I didn't say this. You would be crazy to write your own
dashboard presentation layer. Splunk makes this stuff so easy. You can hack at
a query until you get it right, and then with a few keystrokes "can" the query
so you can run it any time, or with a few more keystrokes
e you know what the problem is. I wish there were an
easier way.
Charles
On Sun, 28 Apr 2024 21:11:20 -0400, Phil Smith III wrote:
>Interesting, thanks. In this case, a gsktrace showed that it was failing GCM
>AES in the handshake. A reminder by Charles Mills led me to look at the to
Not exactly what you asked for but when I was at ASG -- circa 2000 -- Mr. Allen
was very enamored of an "executive dashboard" product that ASG had developed.
So you might check with Rocket, which is I believe who scooped up the pieces of
ASG.
OTOH I don't recall that customers and prospects
"AKA" is after all just a fancy way of saying "or."
CM
On Sun, 28 Apr 2024 10:08:32 +1000, Peter Vels wrote:
>"vel" is, amongst other things, Latin for "or".
--
For IBM-MAIN subscribe / signoff / archive access instructions,
:50 -0500, Charles Mills wrote:
>
>>https://www.ibm.com/docs/en/zos-basic-skills?topic=messages-bpxmtext-zos-unix-reason-codes
>>
>UNIX-centric? As is SYSCALL STRERROR
>
>Is the network service LOOKAT current?
>
>Otherwise,
And just to add to the fun, some of the certificates may refuse to import
because of non-FIPS algorithms.
Charles
On Fri, 26 Apr 2024 11:26:20 -0500, Charles Mills wrote:
>That is my *impression*, that there is no easier way.
>
>CM
>
>On Thu, 25 Apr 2024 07:36:54 -0400, Ma
https://www.ibm.com/docs/en/zos-basic-skills?topic=messages-bpxmtext-zos-unix-reason-codes
Although it is coming up with nonsense for your error code on my V2R4 system. I
can try it on a V3R1 system if you really need.
I also have code somewhere for calling the underlying service (not the shell
That is my *impression*, that there is no easier way.
CM
On Thu, 25 Apr 2024 07:36:54 -0400, Mark Regan wrote:
>At a site I support we need to start using FIPS mode. At the present our
>certificates are in gskkyman database that was not set up to support FIPS.
>From what I understand we have
Do you mean WHY is it in the Authorized manual?
The organization of Assembler Services versus Authorized Assembler Services is
a mystery to me. Why is SVC 99 documented in the Authorized Services Guide,
when it requires no authorization (generally).
I find it frustrating. You look up ATTACH in
> compared to external attackers
When I was doing security presentations as part of my job one of the
"controversies" I ran into was that the supposed percentage of insider attacks
is all over the place. I used to see 85% in one set of statistics and nearly
zero in others. I have no
Dataset encryption also guards against the situation in which a sandbox or test
LPAR (1) has very permissive RACF definitions and (2) inadvertently has shared
access to production DASD.
Charles
On Fri, 12 Apr 2024 14:38:22 -0400, Steve Thompson wrote:
>I clipped this to get to what I think
Nor passive FTP (FWFRIENDLY, as IBM calls it)
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Michael Babcock
Sent: Wednesday, April 10, 2024 8:18 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [EXTERNAL] Re: PASSPORT 3270
FWIW, I would say
>1) 0C4? That's a really weird code to get from a REXX call, isn't it?
No, anything you call might generate an 0C4. I think 0C4 is probably the most
common program exception. If the called module expected two parameters and did
not check to make sure it got two and not one,
ON.
Thanks!
Charles
On Thu, 14 Mar 2024 12:04:00 -0500, Glenn Knickerbocker
wrote:
>On Wed, 13 Mar 2024 11:01:30 -0500, Charles Mills wrote:
>>And the answer is ... "The three numeric settings are automatically saved
>>across internal and external subroutine and function cal
I'll bite. IMHO *nothing* that I can imagine justifies using SIGNAL as a
pseudo-call/return GOTO.
I would "modularize" initialization that cannot (for the reasons discussed here
recently) go into a subroutine by surrounding the instructions with
"eyecatcher" comments.
Charles
On Thu, 14 Mar
And the answer is ... "The three numeric settings are automatically saved
across internal and external subroutine and function calls."
I was setting numeric digits in an initialization subroutine, so Rexx helpfully
unset it on return from initialization. I thought I had done it that way before
Well sure enough, a Say right after the NUMERIC DIGITS 15 works as expected.
There are no other NUMERIC instructions in the program.
What else could be messing me up?
The program is not unusual. The most interesting thing is an EXECIO DISKR 1.
Charles
On Tue, 12 Mar 2024 19:39:21 +0200,
In a Rexx program I start out by executing NUMERIC DIGITS 15 (and I have also
tried 11 and 13 and gotten the same result).
For 8947 * 864 I am getting a result of 7.73020800E+10 rather than the
desired 7730208.
Is this to be expected? I interpret the Rexx documentation as saying that a
emy Nicoll
wrote:
>On Thu, 7 Mar 2024, at 16:54, Charles Mills wrote:
>> Thank you! THAT is the clue I needed. I need to quote the stem names.
>> Passing plain Index. passes "", the value of Index., to sort.
>
>
>So... the difference between your code & Sri's
Thank you! THAT is the clue I needed. I need to quote the stem names. Passing
plain Index. passes "", the value of Index., to sort.
Problem solved. Thanks all.
CM
On Thu, 7 Mar 2024 16:22:02 +, Alan Young wrote:
>I think I have always used the position specification format. In a couple
Well sure, over-reliance on any one "solution" as a panacea is foolish.
I had prospects tell me "we don't have any security issues -- we have RACF."
CM
On Thu, 7 Mar 2024 02:08:26 +, kekronbekron
wrote:
>> You are making a mistake if you discount the effectiveness of
>>
Thanks all. The mystery deepens.
Using the same stem variable should not be the problem. I have done that before
successfully, and the sort command documentation talks about how it uses a
temporary file to avoid clobbering the input data if the files are the same.
BUT ... changing to a
Thanks. As I said, I have tried both -k2 and -k 2, and also -k1 and +1, all
with the same result.
CM
On Thu, 7 Mar 2024 00:27:21 +, Sri Hari Kolusu wrote:
>Charles,
>
>Try a space after k.
--
For IBM-MAIN subscribe /
I am trying to sort a Rexx "array" starting with the second "word" of the
variables. My "array" is in Index.n and contains records of the form where is 0001, 0002, 0003, etc. and string is 2 to 5
Rexx "words."
Here's my Rexx code:
Say "Before sort" Index.0 Index.1 Index.2 Index.3
I of course saw first-hand a lot of mainframe -> SIEM or Splunk integrations,
and they ran the gamut. Some were as you describe; some were quite effective.
The worst I saw was one company that was printing an SMF report to spool, using
a mainframe product to convert the spooled report to a PDF,
I guess you might say that the whole point of products such as these is
converting dense "strings & numbers" into logs. A mainframe security "event" is
surely as significant to the enterprise as a Linux server security event -- it
makes sense to many enterprises to get it into their enterprise
Thanks for the shout-out, Jerry! (I was the principal developer of said
product.) I think BMC now calls the product AMI Defender. (I have no financial
interest in BMC or the product.)
I am pretty much of an expert on this topic. Feel free to reach out to me
off-line if you have any questions.
And THAT is why you should strongly consider STCKF or STCKE.
STCK spins in microcode until it can come up with a time greater than any time
it has previously reported, consuming CPU cycles that are charged to your
program.
If all you need is the time of day, accurate to some very, very small
On Sat, 24 Feb 2024 22:47:05 -0600, Alan Altmark
wrote:
>Hi, Jim. I meant that if you want to really know what time it is, you can't
>use STCKF.
https://www.youtube.com/watch?v=xoJpyYu_NMk
--
For IBM-MAIN subscribe /
z14 as in the Subject or z16 as in the body?
CM
On Sat, 24 Feb 2024 12:04:39 +1300, Laurence Chiu wrote:
>I need to decommission and remove for potential destruction z16 zr1. It
>only has one active engine so it's capped at 88 mips
>which isn't very useful. But for a number of reasons it has a
That problem is not limited to transaction programs that issue STCK repeatedly,
or that have some sort of internal "is this value unique?" logic. *Any* time
that you issue STCK you run the risk that some program -- your program or some
other unrelated program -- has recently issued an STCK and
ind. Thank you.
Charles
On Tue, 13 Feb 2024 12:19:46 -0600, Charles Mills wrote:
>I am interested in writing a program to read the IPL records from a DASD
>volume. (Read only, not update). I am comfortable with XDAP but how do I OPEN
>a "dataset" that would include cylinder 0?
>
I am interested in writing a program to read the IPL records from a DASD
volume. (Read only, not update). I am comfortable with XDAP but how do I OPEN a
"dataset" that would include cylinder 0?
APF, OPERATIONS and so forth are not out of the question.
Thanks,
Charles
It's confusing. The last four nibbles, 730C, are the "real" reason code. Just
scroll down in here:
https://www.ibm.com/docs/en/zos/2.5.0?topic=errnojrs-zos-unix-reason-codes
As the first part of the section says
The reason code is made up of 4 bytes in the following format:
I am not a sysprog but I occasionally play one in my spare time. I am thinking
of changing a system that I control to DUPL_JOB=NODELAY. Any gotchas? Anything
I need to consider before I do this? Do most/many of you run with NO_DELAY?
I am trying to solve a problem where I have jobs delayed
De nada.
The bottom line would appear to be that if you want the user name, then control
block chasing to the ACEE and picking up the ACEEUNAM seems to be a supported
programming interface and should be safe.
Be aware of all of the potential issues of multiple ACEEs, no ACEE, etc. But
for
I'm trying to put this in my own words. I'm not an expert on Z crypto
architecture, but I am sure someone will correct me if I am wrong.
The CPACF instructions are like the TRT instruction. You *could* do what TRT
does with a loop using IC and compare and so forth, but the TRT instruction is
Going to miss you! Thanks for all of your service to the MF community.
Is your Web site going to stay up, or is it going away, along with you and Tom?
Charles
On Mon, 22 Jan 2024 23:33:20 -0500, Cheryl Watson
wrote:
>* For those too young to remember, check out Wiki
>
>Hi all,
>
>I’m
-- an overhead of over 45
percent!
Details: REGION=0M, COBOL 6.2, up-to-date on PTFs, typical options, OPT(0),
52,063 lines, 34,012 statements, z14-M01, TCB+SRB time per IEF033I. All tests
run on a reasonably quiet LPAR.
Gr!
Charles
On Sat, 30 Dec 2023 16:36:07 -0600, Charles Mills wrote:
>I h
the door. (Not for
that reason, but still, it was enjoyable vindication for the mainframe tech
staff.)
CM
On Fri, 19 Jan 2024 20:33:15 +, Pew, Curtis G
wrote:
>On Jan 19, 2024, at 1:51 PM, Charles Mills wrote:
>
>"We're in the 25th year of a 3-year project to get off the mai
"We're in the 25th year of a 3-year project to get off the mainframe."
CM
On Fri, 19 Jan 2024 12:42:11 -0600, Tim Ribble wrote:
>Greetings all,
>
>Haven't posted here in quite some time but I thought it'd be fun to post
>another "getting off the mainframe" story. Been working for the City of
I have a working Enterprise COBOL compiler exit written in XLC C++. It
functions "correctly" but it is consuming more CPU time than expected, and I
have this suspicion that it is going through LE initialization on each entry.
The COBOL doc says of exit modules "The Enterprise COBOL compiler
of the compiler
that produced the associated data file
CM
On Sat, 16 Dec 2023 12:28:11 -0600, Charles Mills wrote:
>You know what I am actually looking at doing? You may laugh but it has worked
>for me in the past. I am thinking of pulling the IBM HTML documentation into
>MS-Word and
Sure. ¿Porque no? Thanks,
Charles
On Sat, 16 Dec 2023 17:54:36 +, M. Ray Mullins
wrote:
>Charles,
>
>Would you like me to ping Captain COBOL?
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email
You know what I am actually looking at doing? You may laugh but it has worked
for me in the past. I am thinking of pulling the IBM HTML documentation into
MS-Word and massaging it there into C declarations. I did this for a *LOT* of
RACF record layouts for the CorreLog product, so I know
@Kirk, interesting. I was not aware of that tool. I have used the DSECT to C
header conversion tool that is part of the XLC product, but I was not aware of
this tool.
I am not much of a Java guy but IIRC it would be a fairly short editing leap
from Java classes to C structs.
Unfortunately, as
ASM ≠ COBOL
The ADATA records for the two products have a lot in common but not as much as
one might hope.
Charles
On Sat, 16 Dec 2023 08:03:46 -0600, Ralph Spadafora
wrote:
>HLA.SASMMAC1(ASMADATA)
--
For IBM-MAIN
+1
Not the solution to my problem today, however.
CM
On Fri, 15 Dec 2023 11:30:28 -0600, Paul Gilmartin wrote:
>On Fri, 15 Dec 2023 10:37:56 -0600, Charles Mills wrote:
>
>>I am looking for compiler-readable record layouts ...
>>
>>Source language, in order of desc
I am looking for compiler-readable record layouts for Enterprise COBOL
SYSADATA. I see the human-oriented record descriptions in the Programming
Guide. I see the sample exit program in IGYxxx.SAMPLIB(ADEXIT), which contains
(very) partial record layouts. I have searched SYS1.SIEAHDR.H. I have
rol blocks
>https://docs.python.org/3/library/ctypes.html#ctypes.BigEndianStructure. It
>would be cool if the tooling that we worked on with Peter Relson to create C
>header files could be reused to generate Python mappings. With the recent zIIP
>offloading Python is strategic.
>
>&g
The function not provided by Metal C is basically all of C++. The called module
is written in, and exploits, C++.
Charles
On Wed, 15 Nov 2023 21:26:18 +, Farley, Peter
wrote:
>OK, I sort of understand the “personal preference” about not using inline
>assembler (it is kludgey, I agree)
block anywhere else but in the standard linkage?
Charles
On Wed, 15 Nov 2023 14:02:55 -0600, Paul Gilmartin wrote:
>On Wed, 15 Nov 2023 12:06:48 -0600, Charles Mills wrote:
>
>>@Peter, I went around on the R0 question here a couple of years ago.
>>
>CMSThink: Since no
Different strokes for different folks.
1. I was not aware of that pointer. This is the classic documentation problem.
The answer is right there in the manual, clear as day -- provided you know
where to look. A lot of these answers are easy to find, assuming you already
know the answer.
2. My
It is part of IBM XLC. The program is actually named EDCDSECT. It does a
less-than-perfect job but I find it to be an excellent starting point.
On Thu, 16 Nov 2023 10:16:54 -0500, Rick Troth wrote:
>I remember the DSECT2C command, but might have been from an ISV (maybe
> There isn’t an R0 issue. IRXINIT(‘FINDENVB’) will fetch the environment
> block.
IIRC I needed the entry R0 to get the address of IRXINIT so I could call it.
Charles
--
For IBM-MAIN subscribe / signoff / archive access
the saved registers at entry, or
>is that not possible?
>
>At worst, an inline ASM routine to copy the value of the current R13 to a C
>pointer variable, then chain up the DSA stack?
>
>Peter
>
>From: IBM Mainframe Discussion List On Behalf Of
>Charles Mills
>Sent: Wednesday, Novemb
I see, in my C++ projects, EFPL, ENVB, EVALB and SHVB structs that appear to me
to have been produced from IBM macros by the EDCDSECT tool.
Have you looked for the IRX macros in SYS1.MACLIB?
Are you familiar with EDCDSECT?
Slightly changing the subject, to interface with the Rexx environment
As @Ituriel says, If you want the jobstep program it is found in some of the
SMF 30 records. No trick to finding it. IIRC it is very straightforward.
"Every program" comes up here from time to time and is basically impossible.
There is no supported way. If you want to intercept SVCs (and I
on, 6 Nov 2023 11:46:16 -0600, Charles Hardee
wrote:
>To answer Seymour J. Metz's question first, it's specified in the DCB.
>
>To answer Charles Mills' question, the module is defined as RMODE 24, AMODE
>ANY, so the I/O was issued in 31-bit mode.
>
>Which now rings a bel
My notes from 2005 seem to imply that the SYNAD exit may be called in 31-bit
mode. I think it is called in the mode under which the GET or PUT was issued.
Charles
--
For IBM-MAIN subscribe / signoff / archive access
I have no idea as to the answer to the question you asked but
1. A more relevant "it used to work" than the dates would be the z/OS release
numbers. "It worked under V2R5 but fails under V3R1" (or whatever).
2. As always with these things, an exact error message is a lot more likely to
lead to
Oh! And someone who obviously worked with John more than I did points out
to me privately that it is Eells, not Eels.
I enjoyed working with John. I wonder what he is doing now.
CM
--
For IBM-MAIN subscribe / signoff /
https://www.ibm.com/docs/en/zos/2.5.0?topic=level-zos-licensed-program-specifications
Page 3
CM
On Sun, 22 Oct 2023 09:31:54 -0400, Gord Tomlin
wrote:
>On 2023-10-21 18:25 PM, Charles Mills wrote:
>> a comprehensive "okay to link and ship" list all collected in one
Yes. I will speak from memory and I do not speak for IBM of course, so take all
of this as you wish.
Back in the bad old days, before about 2018, large software companies generally
shipped products as object code and did the final link/bind at the customer
site, thereby avoiding shipping any
Thanks for confirming my observations and conclusions.
I am 99.9% certain that the trace option in the AT-TLS configuration file is
different from System SSL trace (GSK_TRACE). If you look at the option bits
they are superficially similar but clearly different.
I think I have gotten past my
@Peter, thanks.
> This example uses TLSMECHANISM FTP but it should not matter.
Perhaps it should not, but it does, and that is the problem.
Working with my existing JCL, not yours (but it should not matter ):
My JCL uses
//STEP1 EXEC PGM=FTP,PARM=(,
//
@Colin, are we talking about the same trace? The trace I am talking about is
the one turned on with the environment variable GSK_TRACE. At least judging
from the meanings of the bit flags -- which are fairly similar but not
identical -- that is a different trace than the one turned on with
@Brian, I think you are talking about a different trace. IBM confusingly seems
to kind of run the two together.
I run the trace I am talking about -- in a non-PAGENT situation -- all the
time, and I am ignorant of what you write below.
The trace I am talking about is turned on with an
Thanks! I had searched System Commands on 'PAGENT' and got no hits.
CM
On Sun, 8 Oct 2023 17:03:29 -0500, Steve Horein wrote:
>https://www.ibm.com/docs/en/zos/2.5.0?topic=command-modify-policy-agent
--
For IBM-MAIN subscribe
I know PAGENT accepts MODIFY because I have used F PAGENT,REFRESH. And a MODIFY
error is documented here:
https://www.ibm.com/docs/en/zos/2.5.0?topic=messages-ezd1583i.
But where is PAGENT's MODIFY command documented?
Charles
I am trying to get a GSK trace for a batch FTP job, where PAGENT AT-TLS
controls the TLS connection.
I follow the example here
https://www.ibm.com/support/pages/how-do-you-collect-ssl-trace-using-batch-job
but no trace data is produced. I am guessing that is because of PAGENT AT-TLS.
(The
Most of the recommendations here were for the Mocha product. I downloaded it an
tried it. I have to say I am not crazy about it, but I guess I am never going
to be crazy about 3270-on-a-tablet.
I am also testing https://www.web.gar.no/glink-for-android. I think I am liking
it a little better.
It's not "my" certificate exactly -- it's IBM's. I will paste it below.
I don't have an OCSP server; I would guess that System SSL is querying
DigiCert's from the AIA: http://ocsp.digicert.com.
I am not sure which DigiCert certificate signs the OCSP response but the
DigiCert intermediate
X-Posted IBM-MAIN and RACF-L. It’s not really a RACF issue, but the right folks
may be hanging out there.
I am trying to educate myself on OCSP.
In the AT-TLS config I code
TTLSEnvironmentAction CAM_FTP_Env
{
Yeah, sorry, I realized the omission after I posted but decided folks could
figure it out. Here, for completeness:
/* Return the contents of a storage address plus an offset */
/* The address is in "character" (native binary) form and the
Could you temporarily allocate the DD with a bad LRECL?
Charles
On Wed, 27 Sep 2023 15:55:53 -0500, Ralph Spadafora
wrote:
>I was wondering the same thing, I'm not sure how I would establish a SYNAD
>exit for SYSTSIN in the sample JCL. My code runs as a service routine in a
>started task
Anyone have personal recommendations for a 3270 emulator for Android phones
and/or tablets?
Android, NOT Windows -- you would have to pry Vista out of my cold, dead
fingers.
I certainly don't intend to do heads-down coding on my phone. This is just so I
could respond to a client emergency
Does this help?
/* Point to the RMF data */
CVT_addr = Storage('10', 4)
RMCT_addr = StorageCO(CVT_addr, 604, 4)
@Colin, I can do that. That may be one of the better options.
Thanks all.
Charles
On Wed, 20 Sep 2023 08:22:22 +0100, Colin Paice wrote:
>You could try openssl s_server
>I use this script on Linux
>
>
>*cert=" -cert ./docec384.pem -certform pem -key docec384.key.pem -keyform
>pem"
Yes, that should work. However I don't have an appropriate test server.
Yes, I could set one up ...
Charles
On Wed, 20 Sep 2023 10:36:30 +1000, Andrew Rowley
wrote:
>On 20/09/2023 8:37 am, Charles Mills wrote:
>> Does anyone know of a server URL that will present a revoked ce
Ditto -- my client is running on z/OS, Darren! System SSL and RACF!
Seriously, if you have revoked the certificate used by a Web server then a
conforming browser should refuse to connect, of at least complain loudly.
Can you give me the URL and port? Off-list if you prefer. I will let you know
Does anyone know of a server URL that will present a revoked certificate (for
my testing purposes)?
There are several that a Google search turns up but
- https://revoked.badssl.com/ is expired and expired certificates are never
revoked
-
OMG Darren! What can we do to support you (and the list)?
Charles
On Mon, 18 Sep 2023 19:24:23 +, Darren Evans-Young wrote:
>I have removed Bill Johnson from the IBM-MAIN list and you all know why.
>
>He has now officially lodged a complaint against me accusing me of
>discrimination
>and
Not browser publishers and CAs; ONE particular browser publisher! The CAs were
on the other side of this one.
https://www.zdnet.com/article/apple-strong-arms-entire-ca-industry-into-one-year-certificate-lifespans/
About the only thing I can say in their defense is that the revocation system
is
> The certificate is only good if you have the associated key.
> If you don't have the key, the certificate isn't worth the disk space
> that it takes up.
Not true for a CA root.
Thought experiment: if DigiCert were to misplace their root private key, would
you now be unable to log into
>(paid for), and I think that means a manual process to update the HMC
>web cert/key every year. Or is there an easier way?
I don't know. I am more of a certificate theory expert than a z certificate
practice expert.
It is true that no commercial CA issues certificates good for much more than
validate it and
>quite happily use it.
>So no, you cannot create certificates, sign them and make me believe they
>came from a bona fida company - unless I do something stupid.
>Colin
>
>On Tue, 29 Aug 2023 at 16:46, Charles Mills wrote:
>
>> Don't want to get into one of the
difference is
that DigiCert has very rigorous protocols for protecting its root private keys.
OpenSSL does not.
Charles
On Tue, 29 Aug 2023 09:23:16 -0500, Grant Taylor
wrote:
>On 8/29/23 8:31 AM, Charles Mills wrote:
>> Just being a security PITA here, but that solution
Just being a security PITA here, but that solution makes the security of their
systems subject to whatever safeguards you do or do not put on yours.
If I can extract the CA private key from your PC than it is trivial for me to
create a www.chase.com certificate that will be trusted by their
Can you set the date back on the PC?
CM
On Sat, 26 Aug 2023 18:06:36 +, Jerry Whitteridge
wrote:
>Unfortunately my system is responding expired cert and drops the connection
>before I can do that - which is why I'm trying to get the cert details
In my emulator if I click on the padlock icon I get
OpenSSL Version: OpenSSL 1.0.1g 7 Apr 2014
Encryption: AES256-GCM-SHA384 - 256 bits
Protocol:TLSv1.2
Issued By: DigiCert Inc
Organization:International Business Machines Corporation
Distinguished Name:
Maybe
openssl s_client -connect host:port -showcerts
Charles
On Sat, 26 Aug 2023 12:41:57 -0500, Charles Mills wrote:
snip
>2. Perhaps you can do this with OpenSSL? I think so but don't know the
>details.
--
For IB
Well, I wrote a product that does exactly that in a beautiful graphic fashion
and is part of NewEra's ICEDirect suite.
https://www.newera.com/INFO/ICEDirect.pdf
Does that count?
For free tools
1. Is it a Web server? If so most browsers will display the server certificate
and the entire
I use it. I have nothing to really compare it to, but it does the job for me.
Supports EBCDIC.
Charles
On Tue, 15 Aug 2023 22:16:16 +, Pommier, Rex
wrote:
>I highly recommend "HxD hex edit".
--
For IBM-MAIN
1 - 100 of 4454 matches
Mail list logo