Re: Passing STDENV DD to FTP via SYSIN

Fri, 11 Sep 2020 13:08:10 -0700 

Charles:  Password is in the clear, just like it's always been.  The main 
security is controlled by directory permissions on the server--it's really a 
"dump it here".  They can't even see what they've uploaded.  The download 
directory (stuff from us) is read-only.  Like I said, "kicking and screaming"...

Frank: //CEEOPTS is very close to what I was looking for!

//FTPXFER  EXEC PGM=FTP,REGION=4M,
//  PARM=('ENVAR("GSK_PROTOCOL_TLSV1_2=ON")/(EXIT')

...works great if all I want to do is force TLS 1.2.  But there are a couple of 
other environment variables that are really handy for debugging:
GSK_TRACE=0xFFFF and GSK_TRACE_FILE=/tmp/gskc.trc

and while: 
//FTPXFER  EXEC PGM=FTP,REGION=4M,
// 
PARM=('ENVAR("GSK_PROTOCOL_TLSV1_2=ON","GSK_TRACE=0xFFFF","GSK_TRACE_FILE=/tmp/gskc.trc")/(EXIT')

...is possible, it pushes the limits of the PARM value's max length.

But I can add as many variables with CEEOPTS as I want:

//FTPXFER  EXEC PGM=FTP,REGION=4M,PARM='(TIMEOUT 30 EXIT'
//CEEOPTS DD *
ENVAR("GSK_PROTOCOL_TLSV1_2=ON",
"GSK_TRACE=0xFFFF",
"GSK_TRACE_FILE=/tmp/gskb.trc")
//*

However, I did stumble across what a really wanted as I was closing out all the 
web pages I had open for this.

https://www.ibm.com/support/knowledgecenter/SSLTBW_2.2.0/com.ibm.zos.v2r2.halz002/ip_env_var_used_by_tcpip_appls.htm

...is the page I'd overlooked.  It explains that while _CEE_ENVFILE requires a 
VB255 dataset, _CEE_ENVFILE_S isn't so picky. So:

//FTPXFER  EXEC PGM=FTP,REGION=4M,
//  PARM=('ENVAR("_CEE_ENVFILE_S=DD:STDENV")/(TIMEOUT 30 EXIT')
//STDENV   DD *
GSK_PROTOCOL_TLSV1_2=ON
//* GSK_TRACE=0xFFFF
//* GSK_TRACE_FILE=/tmp/gskc.trc
//SYSFTPD  DD *

...is really what I was looking for in the first place.  I can leave the TRACE 
vars commented, but if there is a problem they can easily be un-commented and 
the /tmp/gskc.trc file can be used to see exactly what's going on under the 
covers.  (BTW, this trace appears to provide a lot more information than 
processing a GSKSRVR/GSKWRTR trace with IPCS and "CTRACE COMP(GSKSRVR) 
DDNAME(IPTRACE) FULL"--but it's probable that I just don't know what I'm doing 
with IPCS.)

Anyway, thanks again to all!

Wendell

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to