
How to enable Key Repository using the MQCONNX() parameter.

‏2013-02-13T20:51:09Z |
I am trying to connect to an SSL-encrypted queue using the code snippet below. While I am setting the key repository via the API, I get an error in the event log saying "The path and stem name for the SSL key repository have not been specified." If I specify the key repository using the MQSSLKEYR setting then it works okay, so somehow my programmatic usage is not getting picked up. What am I doing wrong?

Code is below. (I'll note that I compared this code to http://my.safaribooksonline.com/book/networking/websphere/0738425621/scripts-samples-code-and-jcl/210 and it appears the same...)

----

std::string m_strChannelName = "";
std::string m_strConnectionName = "S_SERVER1_QA5";
MQLONG m_nTransportType = MQXPT_TCP; // TransportType is an MQLONG constant, not a string
std::string m_strKeyRepository = "C:\\Temp\\KeyRepository\\key";
std::string m_strSSLCipherSpec = "TRIPLE_DES_SHA_US";
std::string m_strSSLPeerName = "cn=qarm,o=Markit,c=CA";

MQCNO tConnectOptions = {MQCNO_DEFAULT};
MQCD tClientConnectDescriptor = {MQCD_CLIENT_CONN_DEFAULT};

strncpy(tClientConnectDescriptor.ChannelName, m_strChannelName.c_str(), MQ_CHANNEL_NAME_LENGTH);
strncpy(tClientConnectDescriptor.ConnectionName, m_strConnectionName.c_str(), MQ_CONN_NAME_LENGTH);

tClientConnectDescriptor.TransportType = m_nTransportType;
tClientConnectDescriptor.Version = MQCD_VERSION_7; /* SSL requires MQCD version 7 or later */

tConnectOptions.Version = MQCNO_VERSION_2; // must be >= version 2 or else .ClientConnPtr not supported
tConnectOptions.ClientConnOffset = 0; // must be 0 if using ClientConnPtr

// SSL Settings.
MQSCO mysco = {MQSCO_DEFAULT};
strncpy(mysco.KeyRepository, m_strKeyRepository.c_str(), MQ_SSL_KEY_REPOSITORY_LENGTH);
strncpy(tClientConnectDescriptor.SSLCipherSpec, m_strSSLCipherSpec.c_str(), MQ_SSL_CIPHER_SPEC_LENGTH);

MQPTR pBuffer;
pBuffer = malloc ((m_strSSLPeerName.length() + 1) * sizeof(MQCHAR));
memcpy(pBuffer, m_strSSLPeerName.c_str(), m_strSSLPeerName.length() + 1);
tClientConnectDescriptor.SSLPeerNameLength = (MQLONG)m_strSSLPeerName.length();
tClientConnectDescriptor.SSLPeerNamePtr = pBuffer;

tConnectOptions.SSLConfigPtr = &mysco;
tConnectOptions.ClientConnPtr = &tClientConnectDescriptor; // point to MQCD structure we just defined
tConnectOptions.Options += MQCNO_HANDLE_SHARE_BLOCK;

// Connect to the Queue Manager
MQLONG lConnectCompletionCode;
MQLONG lConnectReasonCode;

// Call MQCONNX instead of MQCONN so we can specify our custom connection options
MQCONNX(const_cast<char*>(m_strQueueManagerName.c_str()),
&tConnectOptions, /* custom connection options */
&hConnection, /* connection handle */
&lConnectCompletionCode, /* completion code */
&lConnectReasonCode); /* reason code */

    Re: How to enable Key Repository using the MQCONNX() parameter.

    ‏2013-02-14T10:05:20Z  
    I can see that you are filling in the SSLConfigPtr in the MQCNO structure. However, you have also told the MQ code that the MQCNO is at version 2:

    tConnectOptions.Version = MQCNO_VERSION_2;
    // must be >= version 2 or else .ClientConnPtr not supported

    The SSLConfigPtr is part of a version 4 MQCNO, so that is why it is being ignored. Change the above line to be

    tConnectOptions.Version = MQCNO_VERSION_4;
    // must be >= version 4 or else .SSLConfigPtr not supported

    and try again.

    You'll see in the link you reference, that they set the MQCNO to VERSION_4.

    Cheers
    Morag
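
The version gating described in the answer above, as an added example that is not part of the original thread: a pre-flight check that reports any populated field the declared structure version is too low to carry, so a TLS configuration is never silently dropped. `DemoCNO`, `Finding`, `ignoredFields` and `requiredVersion` are hypothetical stand-ins, not IBM MQ's MQCNO or any MQ API; the version numbers 2 and 4 are the ones stated in the thread.

```cpp
// Added example: stand-in types only, not the definitions from IBM MQ's cmqc.h.
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-in for the MQCNO fields discussed in this thread.
struct DemoCNO {
    long  Version       = 1;        // structure version the caller declares
    void* ClientConnPtr = nullptr;  // honoured from version 2 (per the thread)
    void* SSLConfigPtr  = nullptr;  // honoured from version 4 (per the thread)
};

struct Finding { std::string field; long needs; long declared; };

// Report every populated field that the declared Version is too low to carry.
std::vector<Finding> ignoredFields(const DemoCNO& cno) {
    struct Gate { const char* name; const void* value; long minVersion; };
    const Gate gates[] = {
        {"ClientConnPtr", cno.ClientConnPtr, 2},
        {"SSLConfigPtr",  cno.SSLConfigPtr,  4},
    };
    std::vector<Finding> out;
    for (const Gate& g : gates)
        if (g.value != nullptr && cno.Version < g.minVersion)
            out.push_back({g.name, g.minVersion, cno.Version});
    return out;
}

// Lowest Version that carries everything the caller filled in.
long requiredVersion(const DemoCNO& cno) {
    if (cno.SSLConfigPtr)  return 4;
    if (cno.ClientConnPtr) return 2;
    return 1;
}

int main() {
    int cd = 0, sco = 0;             // constructed placeholders for MQCD / MQSCO
    DemoCNO cno;
    cno.Version = 2;                 // the setting from the original post
    cno.ClientConnPtr = &cd;
    cno.SSLConfigPtr  = &sco;
    for (const Finding& f : ignoredFields(cno))   // fail closed: do not connect
        std::printf("%s needs version %ld, declared %ld\n",
                    f.field.c_str(), f.needs, f.declared);
    std::printf("required version: %ld\n", requiredVersion(cno));
    return 0;
}
```

Treating a non-empty result as a hard error before connecting turns the ignored SSL configuration into an immediate, visible failure.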

    Re: How to enable Key Repository using the MQCONNX() parameter.

    ‏2013-02-15T00:11:02Z  
    Thanks for the response, Morag. That cleared it up for me. I can't believe I lost so much time due to such a tiny oversight.

    Andrew

    Re: How to enable Key Repository using the MQCONNX() parameter.

    ‏2013-02-15T00:23:38Z  
    It begs the question why IBM does not always set the structure version in the default values to be the latest version. MQCNO is a common and classic case where the programmer needs to know the version of the structure where new fields were introduced, and override the default value accordingly.

    ;-) G