> -----Original Message-----
> From: IBM Mainframe Discussion List On Behalf Of Matt Simpson
>
> If you have activated GSK trace via the environment variable
> someone mentioned earlier, the trace will be written to a
> file in the /tmp directory. It will have gsk somewhere in
> the name, and some kind of numeric qualifier to make it
> unique. I forget exactly what it looks like, but you should
> be able to find it by browsing the directory.
Got it.
> [ snip ]
>
> The z/OS FTP client is also very picky about server certificates. It
> doesn't like self-signed certs, or certs signed by an unknown CA. Many
> clients, when presented with such a cert, will prompt the
> user whether to accept it. The z/OS client will not. It
> just quits. I don't think it even issues any visible message
> to the user, unless tracing is turned on. The server cert
> must be signed by a CA acceptable to the client, meaning the
> CA cert must be in the keyring used by the client.
Working on that "as we speak".
> When your handshake fails, does it fail quickly, or does it
> wait for a while and seem to timeout? If it fails quickly,
> then it's probably some kind of negotiation problem. If it
> times out, then it's probably a firewall problem, with the
> firewall throwing away the "offending" traffic so you never
> get a response.
Looks like a timeout. Here are the last trace entries:
========= Begin paste ==========
06/22/2006-14:43:53 Thd-0 ASCII send_v3_client_hello(): V3 CLIENT-HELLO message
00000000: 0100003d 0301449a e4e90a46 725efec1 *...=..D....Fr¬..*
00000010: 0e8ad794 42e7ef91 6913097e 1abb73ef *....B...i..~..s.*
00000020: 3fbdd092 31c60000 16000500 04003500 *?...1.........5.*
00000030: 2f000a00 09000300 06000200 01000001 */...............*
00000040: 00 *. *
06/22/2006-14:43:53 Thd-0 INFO gsk_write_v3_record(): Calling write routine for 70 bytes
06/22/2006-14:43:53 Thd-0 INFO gsk_write_v3_record(): 70 bytes written
06/22/2006-14:43:53 Thd-0 INFO gsk_read_v3_record(): Calling read routine for 5 bytes
========== End paste =============
Seventeen minutes after the last trace entry above is when I cancelled the job.
Debug data from the server end shows session "hangs" at presentation of server
certificate. I'm now waiting for our network folks to "poke a hole" in our
firewall(s) so we can proceed to the next hurdle.
-jc-
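
Added example, not part of the original messages: a small Python decoder for the CLIENT-HELLO dump in the trace above, showing the protocol version and cipher suites the client offered before the read stalled. The function names are made up for this sketch; the suite names are the IANA names for the codes in the dump.

```python
import re
import struct

# Hex dump lines copied from the trace in the message above.
TRACE = """\
00000000: 0100003d 0301449a e4e90a46 725efec1 *...=..D....Fr¬..*
00000010: 0e8ad794 42e7ef91 6913097e 1abb73ef *....B...i..~..s.*
00000020: 3fbdd092 31c60000 16000500 04003500 *?...1.........5.*
00000030: 2f000a00 09000300 06000200 01000001 */...............*
00000040: 00 *. *
"""

# IANA names for the cipher suite codes that occur in this dump.
SUITES = {
    0x0000: "TLS_NULL_WITH_NULL_NULL", 0x0001: "TLS_RSA_WITH_NULL_MD5",
    0x0002: "TLS_RSA_WITH_NULL_SHA", 0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}

def dump_to_bytes(text):
    """Collect the hex words of each dump line; skip offset and character column."""
    data = bytearray()
    for line in text.splitlines():
        m = re.match(r"\s*[0-9a-fA-F]{8}:((?:\s+[0-9a-fA-F]{2,8})+)\s+\*", line)
        if m:
            data += bytes.fromhex("".join(m.group(1).split()))
    return bytes(data)

def parse_client_hello(msg):
    """Decode a ClientHello handshake message (no record header, as traced)."""
    msg_type, len_hi, len_lo = struct.unpack_from(">BBH", msg, 0)
    if msg_type != 1 or (len_hi << 16 | len_lo) != len(msg) - 4:
        raise ValueError("not a complete ClientHello")
    pos = 6 + 32                          # 4-byte header, 2-byte version, 32-byte random
    pos += 1 + msg[pos]                   # session id length byte plus session id
    (cs_len,) = struct.unpack_from(">H", msg, pos)
    codes = struct.unpack_from(">%dH" % (cs_len // 2), msg, pos + 2)
    names = [SUITES.get(c, "0x%04x" % c) for c in codes]
    return {
        "version": (msg[4], msg[5]),      # (3, 1) is TLS 1.0
        "record_len": len(msg) + 5,       # handshake message plus 5-byte record header
        "suites": names,                  # in the client's order of preference
        "weak": [n for n in names if "NULL" in n or "EXPORT" in n],
    }

if __name__ == "__main__":
    print(parse_client_hello(dump_to_bytes(TRACE)))
```

The computed record length of 70 matches the "70 bytes written" trace line, so the hello was handed to the write routine whole and the stall is in waiting for the first 5-byte record header of the reply.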