
SSL_connect(ssl) issue during HPUX system startup

 
SOLVED
J Ramesh Kumar
Advisor

SSL_connect(ssl) issue during HPUX system startup

Hi,

I have configured my application to start as a service during startup (boot time). I put the link /sbin/rc3.d/S999pmpagt for starting at boot time. In general, my agent application will contact the server via SSL (https). In the normal case, if I start my application, everything works fine. But if my application is started during boot time (via service), it cannot connect with my server via SSL (https). I got "-1" from the "SSL_connect(ssl)" method during startup. I am sure there is no issue in either the certificate or the server, because everything works fine in normal cases. Can somebody help me to resolve this issue?

Thanks in advance for your help.


Thanks,
Ramesh
Kapil Jha
Honored Contributor
Solution

Re: SSL_connect(ssl) issue during HPUX system startup

Is it running fine if you kill it after your system boots up and then you restart it?

If this is the case you may have to check if some dependent service is starting before/after this during system boot up.
BR,
Kapil
I am in this small bowl, I wane see the real world......
J Ramesh Kumar
Advisor

Re: SSL_connect(ssl) issue during HPUX system startup

Hi Kapil,

Thanks for the help. Yes. One of the dependent processes (S99prngd.rc) was started after my application.

My application link name is "S999pmpagt". I expect that my application should be triggered last, because my app number is 999 and the prngd.rc number is 99. But prngd.rc is triggered before my application. So as a workaround I have changed my link name to "S9pmpagt". Now my application is triggered last. I know my application link name is violating standards. But I don't have any other way. Will it lead to any problems in the future?


Thanks,
Ramesh
Dennis Handly
Acclaimed Contributor

Re: SSL_connect(ssl) issue during HPUX system startup

>One of the dependent process (S99prngd.rc) was started after my application.

This should really be renamed to S099prngd.rc or S990prngd.rc.

>My application link name is "S999pmpagt". I expect that my application should be triggered last,

Do you have to be exactly last?

>S99prngd.rc number is 99.

Can you rename that one?

>So as a workaround I have changed my link name as "S9pmpagt".

Why not S99zpmpagt?
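The ordering discussed in this exchange, as an added example that is not part of any post: it assumes the rc links are run in byte-wise lexicographic order of their names, which matches what the thread observed, and uses only the link names mentioned above as constructed input.

```shell
#!/bin/sh
# Added example. Assumption: the rc sequencer runs links in byte-wise
# lexicographic order, so "S999..." sorts before "S99p..." ('9' < 'p').

# rc_order NAME...: print the names in the order they would be started.
rc_order() {
    for n in "$@"; do printf '%s\n' "$n"; done | LC_ALL=C sort
}

# runs_after A B NAME...: succeed if A is started after B among NAME...
runs_after() {
    a=$1; b=$2; shift 2
    # Keep only the two names of interest; the last one printed starts later.
    last=$(rc_order "$@" | grep -Fx -e "$a" -e "$b" | tail -n 1)
    [ "$last" = "$a" ]
}

# Constructed sample: link names taken from the thread.
NAMES="S99prngd.rc S999pmpagt S9pmpagt S99zpmpagt S990prngd.rc"

# Show the resulting start order, one link per line.
# shellcheck disable=SC2086  # word splitting of NAMES is intended
rc_order $NAMES
```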
J Ramesh Kumar
Advisor

Re: SSL_connect(ssl) issue during HPUX system startup

Hi Dennis Handly,

Thanks for your suggestions.

>>>This should really be renamed to S099prngd.rc or S990prngd.rc.

Since my product will be installed at many customer places, I do not want to change the ln name in the customer place. And also I tried to rename the S99prngd.r link to S991prngd.r. But no use. The normal "mv" does not work properly.

# ls
....
S991rngd.rc
S9pmpagt
....
# ls S991rngd.rc
S991rngd.rc not found
# ls -ltr
...
total 0
lrwx------ 1 root sys 31 Apr 23 12:43 91prngd.rc -> /sbin/init.d/prngd.rc
lrwx------ 1 root sys 19 Apr 23 15:29 S9pmpagt -> /sbin/init.d/pmpagt
...
#

And I found the following string in the /etc/rc.log file,

.........
Starting PRNGD (Pseudo Random Number Generator Daemon)
Output from "/sbin/rc3.d/S99prngd.rc^[[D^[[D^[[D^[[D^[[D^[[D^[[D^[[D1 start":
----------------------------
PRNGD (Pseudo Random Number Generator Daemon) started
..........

Please note that the rc.log has the existing name even though I changed the name using the mv command. And it has some special characters like [[^D, and the ls & ls -ltr commands give different outputs. So I am totally confused. The mv command collapses the existing link. That's why I just wanted to rename my application instead of the existing application name. Is there any special option for renaming a link?


>>>Do you have to be exactly last?

Yes. I want to start my application exactly last. Is there any other way ?

Thanks,
Ramesh
Dennis Handly
Acclaimed Contributor

Re: SSL_connect(ssl) issue during HPUX system startup

>Since my product will be installed many customer places, I do not want to change the ln name in the customer place. And also I tried to rename the S99prngd.r link to S991prngd.r. But no use. the normal "mv" does not work properly.

Ok, unless you have some very good documentation with your product.

I would have thought mv would work fine on symlinks:
$ ln -s /var/tmp XX
$ ll XX
lrwxrwxr-x 8 Apr 23 04:08 XX@ -> /var/tmp
$ mv XX YY
$ ll YY
lrwxrwxr-x 8 Apr 23 04:08 YY@ -> /var/tmp

# ls
S991rngd.rc
# ls S991rngd.rc
S991rngd.rc not found
# ls -ltr
lrwx------ 1 root sys 31 Apr 23 12:43 91prngd.rc -> /sbin/init.d/prngd.rc

Double huh? Can you do: ll -Ltrb
(I think you have some backspaces in the name of the .rc script.)

>And I found the following string in the /etc/rc.log file,
Output from "/sbin/rc3.d/S99prngd.rc^[[D^[[D^[[D^[[D^[[D^[[D^[[D^[[D1 start":

That's probably what they are.

>And it has some special characters like [[^D and ls & ls -ltr commands give different outputs.

Using ll -b will keep them honest.

>Is there any special/options for rename a link?

No, just mv(1).

>I want to start my application exactly last. Is there any other way?

Well, Szzzpmpagt but I don't think you really want to do that. :-)
Rasheed Tamton
Honored Contributor

Re: SSL_connect(ssl) issue during HPUX system startup

>And also I tried to rename the S99prngd.r link to S991prngd.r. But no use. the normal "mv" does not work properly.

In that case, why don't you recreate the links? Remove the old names and re-create them again.

ln -s /sbin/init.d/prngd.rc /sbin/rc3.d/newname

Regards,
Rasheed Tamton.
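A scripted form of the two steps suggested in the replies above (expose hidden control characters in a link name, then delete and recreate the link), as an added example that is not part of any post. The function names and the replacement link name are hypothetical; try it on a scratch directory first.

```shell
#!/bin/sh
# Added example; run against a scratch copy before touching /sbin/rc3.d.

# has_ctrl NAME: succeed if NAME contains a control character (ESC, BS, ...).
has_ctrl() {
    case $1 in
        *[[:cntrl:]]*) return 0 ;;
    esac
    return 1
}

# visible NAME: print NAME with every non-printable byte shown as '?'.
visible() {
    printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' '?'
}

# list_ctrl_links DIR: report entries in DIR whose names hide control bytes.
list_ctrl_links() {
    for p in "$1"/*; do
        name=${p##*/}
        if has_ctrl "$name"; then
            visible "$name"; printf '\n'
        fi
    done
}

# relink_clean DIR PREFIX TARGET NEWNAME: delete symlinks in DIR whose names
# start with PREFIX and contain control bytes, then create DIR/NEWNAME.
relink_clean() {
    dir=$1; prefix=$2; target=$3; new=$4
    for p in "$dir"/*; do
        name=${p##*/}
        [ -L "$p" ] || continue
        case $name in "$prefix"*) ;; *) continue ;; esac
        has_ctrl "$name" || continue
        rm -- "$p"
    done
    ln -s "$target" "$dir/$new"
}
```

For example, `relink_clean /sbin/rc3.d S99prngd.rc /sbin/init.d/prngd.rc S990prngd.rc` removes the damaged prngd link and creates one under a clean name.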
Ralph Grothe
Honored Contributor

Re: SSL_connect(ssl) issue during HPUX system startup

>I expect that my application should be triggered last, because my app no is 999 and prngd.rc number is 99. But prngd.rc is triggered before my application.

I would assume that the Pseudo Random Number Generating Daemon needs to be started before you can rig up any TLS/SSL connection if you don't have a better random numbers producing device (such as /dev/random) available.
I think that's because the involved cryptographic algorithms require enough entropy to find a pair of big mutual primes
(is this the correct translation for "teilerfremd"?).
If I remember correctly the OpenSSL calls resort to prngd when they can't find a better randomness source,
they even provide their own prngd


$ swlist -l file OpenSSL|grep prngd
OpenSSL.openssl.OPENSSL-PRNG: /opt/openssl/prngd
OpenSSL.openssl.OPENSSL-PRNG: /opt/openssl/prngd/man/man1/prngd.1
OpenSSL.openssl.OPENSSL-PRNG: /opt/openssl/prngd/prngd
OpenSSL.openssl.OPENSSL-PRNG: /opt/openssl/prngd/prngd.conf
OpenSSL.openssl.OPENSSL-PRNG: /sbin/init.d/prngd.rc


I can recall that for HP-UX there was a kernel patch that provides /dev/random
For instance on one of our boxes I found this:


$ /usr/sbin/swlist -l product|grep -i random
RandomNumGen B.11.11.07 HP-UX 11.11 Strong Random Number Generator Kernel Enablement
RandomNumGenDyn B.11.11.09 HP-UX 11.11 Strong Random Number Generator product
Madness, thy name is system administration
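Instead of relying on link names alone, a start script can wait until a randomness source exists before launching a TLS client. The sketch below is an added example, not code from the thread or from OpenSSL; the path list is an assumption (the prngd socket location in particular must be taken from the host's prngd configuration), and `start_guarded` is a hypothetical helper.

```shell
#!/bin/sh
# Added example. Candidate entropy sources are ASSUMED paths; the prngd/EGD
# socket path in particular must be checked against the local prngd setup.
ENTROPY_PATHS=${ENTROPY_PATHS:-"/dev/random /dev/urandom /var/run/egd-pool"}

# wait_for_entropy LIMIT PATH...: poll once per second until one PATH is a
# character device (kernel RNG) or a socket (prngd pool); print it and
# return 0, or return 1 after LIMIT seconds.
wait_for_entropy() {
    limit=$1; shift
    elapsed=0
    while :; do
        for p in "$@"; do
            if [ -c "$p" ] || [ -S "$p" ]; then
                printf '%s\n' "$p"
                return 0
            fi
        done
        [ "$elapsed" -ge "$limit" ] && return 1
        sleep 1
        elapsed=$((elapsed + 1))
    done
}

# start_guarded TIMEOUT CMD...: run CMD only once an entropy source exists,
# so a boot-time start fails loudly instead of inside the TLS handshake.
start_guarded() {
    timeout=$1; shift
    # shellcheck disable=SC2086  # word splitting of the path list is intended
    if src=$(wait_for_entropy "$timeout" $ENTROPY_PATHS); then
        echo "entropy source ready: $src" >&2
        "$@"
    else
        echo "no entropy source after ${timeout}s, not starting: $*" >&2
        return 1
    fi
}
```

In an init script the call would look like `start_guarded 60 /path/to/agent`, where the agent path is a placeholder.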
J Ramesh Kumar
Advisor

Re: SSL_connect(ssl) issue during HPUX system startup

Hi All,

Thanks for all of your help in resolving my problem. I deleted and recreated the link, which works fine for me.

Thanks,
Ramesh