Direct links to fixes
APAR status
Closed as program error.
Error description
IBM Sterling B2B Integrator provides support for SWIFT messages through the SWIFTNet7 Adapters and MEFG components. Support for SSL communication between IBM Sterling B2B Integrator and MEFG is provided by dynamically linked OpenSSL libraries. IBM Sterling B2B Integrator and MEFG OpenSSL version 1.0.2 supportis added to MEFG binaries. The MEFG installation jar supports the following installation configuations: MEFG that requires no OpenSSL (Non SSL installation) MEFG that requires OpenSSL 1.0.1 MEFG that requires OpenSSL 1.0.2 The new MEFG binaries continue to dynamically link with OpenSSL V1.0.1 and also links with OpenSSL V1.0.2 libraries. For AIX, a change to the LIBPATH is required on an existing MEFG installations, for the new MEFG installations. The required change is to the environment variable, LIBPATH, to use the AIX OS patch OpenSSL libraries in the /usr/lib, rather than the libraries in /opt/freeware/lib. With prior versions of MEFG, AIX binaries are linked to libraries in /opt/freeware/lib/ directory. These libraries include a specific naming scheme that explicitly identifies the minor release in the library archive. By continuing to use these libraries, customers would be required to reinstall MEFG when they upgraded from OpenSSL 1.0.1 to 1.0.2. By utilizing the OpenSSL libraries in /usr/lib, which have a consistent naming scheme between the minor releases, the same MEFG installation can be used with either OpenSSL 1.0.1 or 1.0.2. Some background information: Openssl is provided as both an OS level patch in AIX, in /usr/bin/open, as well as a freeware level patch in /opt/freeware/bin The Openssl in /usr/lib maintains the same shared library naming scheme for versions 1.0.1 and 1.0.2. This is same naming scheme as Solaris and Linux: /usr/lib/libcrypto.a(libcrypto.so.1.0.0) /usr/lib/libssl.a(libssl.so.1.0.0) The Openssl in /opt/freeware maintains different shared library naming scheme for 1.0.1 and 1.0.2: OpenSSL 1.0.1 /opt/freeware/lib/libcrypto.a(libcrypto.so.1.0.1) /opt/freeware/lib/libssl.a(libssl.so.1.0.1) OpenSSL 1.0.2 /opt/freeware/lib/libcrypto.a(libcrypto.so.1.0.2) /opt/freeware/lib/libssl.a(libssl.so.1.0.2) Currently, with prior 5.2.6 versions, our AIX builds have linked the /opt/freeware Openssl libraries: /opt/freeware/lib/libcrypto.a(libcrypto.so.1.0.1) /opt/freeware/lib/libssl.a(libssl.so.1.0.1) To utilize the System openssl in /usr/lib, the new 5.2.6.x_y MEFG SSL binaries will link with the AIX /usr/lib OpenSSL libraries: /usr/lib/libcrypto.a(libcrypto.so) /usr/lib/libssl.a(libssl.so) This change will allow us to continue to ship the MEFG installations for OpenSSL 101, which will work with both the OpenSSL 1.0.1, 1.0.2, and likely 1.0.x versions, for all platforms. The full AIX opensll ldd info is below: $ /usr/bin/openssl version OpenSSL 1.0.2j 26 Sep 2016 $ ldd /usr/bin/openssl /usr/bin/openssl needs: /usr/lib/libc.a(shr.o) /usr/lib/libcrypto.a(libcrypto.so.1.0.0) /usr/lib/libssl.a(libssl.so.1.0.0) /unix /usr/lib/libcrypt.a(shr.o) $ /opt/freeware/bin/openssl version OpenSSL 1.0.2h 3 May 2016 $ ldd /opt/freeware/bin/openssl /opt/freeware/bin/openssl needs: /usr/lib/threads/libc.a(shr.o) /usr/lib/libpthreads.a(shr_comm.o) /usr/lib/libpthreads.a(shr_xpg5.o) /opt/freeware/lib/libcrypto.a(libcrypto.so.1.0.2) /opt/freeware/lib/libssl.a(libssl.so.1.0.2) /unix /usr/lib/libcrypt.a(shr.o) /usr/lib/threads/libc.a(shr_64.o) /usr/lib/libpthreads.a(shr_xpg5_64.o) /usr/lib/libcrypt.a(shr_64.o) Solaris: $ openssl version OpenSSL 1.0.2j 26 Sep 2016 $ ldd /usr/local/openssl-1.0.2j/bin/openssl libssl.so.1.0.0 => /usr/local/openssl-1.0.2j/lib/libssl.so.1.0.0 libcrypto.so.1.0.0 => /usr/local/openssl-1.0.2j/lib/libcrypto.so.1.0.0 libsocket.so.1 => /lib/libsocket.so.1 libnsl.so.1 => /lib/libnsl.so.1 libdl.so.1 => /lib/libdl.so.1 libc.so.1 => /lib/libc.so.1 libgcc_s.so.1 => (file not found) libgcc_s.so.1 => (file not found) libmp.so.2 => /lib/libmp.so.2 libmd.so.1 => /lib/libmd.so.1 libscf.so.1 => /lib/libscf.so.1 libdoor.so.1 => /lib/libdoor.so.1 libuutil.so.1 => /lib/libuutil.so.1 libgen.so.1 => /lib/libgen.so.1 libm.so.2 => /lib/libm.so.2 /lib/libm/libm_hwcap1.so.2 /platform/sun4v/lib/libc_psr.so.1 /platform/sun4v/lib/libmd_psr.so.1 Linux: Installed OpenSSL 1.0.2j $ openssl version OpenSSL 1.0.2j 26 Sep 2016 $ ldd openssl linux-vdso.so.1 => (0x00007fff619a9000) libssl.so.1.0.0 => ./libssl.so.1.0.0 (0x00007f9920672000) libcrypto.so.1.0.0 => ./libcrypto.so.1.0.0 (0x00007f992023b000) libdl.so.2 => /lib64/libdl.so.2 (0x0000003b22c00000) libc.so.6 => /lib64/libc.so.6 (0x0000003b22800000) /lib64/ld-linux-x86-64.so.2 (0x0000003b22400000)
Local fix
Problem summary
Users Affected: SI MEFG SWIFTNet7 customers needing to upgrade to OpenSSL 1.0.2 Problem Description: OpenSSL V1.0.2 support was not available in prior versions of MEFG. Platforms Affected: All
Problem conclusion
Resolution Summary: SI MEFG binaries now support OpenSSL 1.0.2 runtime libraries with the MEFG 1.0.1 installation jar. Both OpenSSL 1.0.1 and 1.0.2 runtime libraries supported with the same MEFG binaries. The AIX LIBPATH will need to include the OpenSSL libraries from /usr/lib for the correct shared library signature. The AIX Openssl in /usr/lib maintains the same shared library naming scheme for versions 1.0.1 and 1.0.2. /usr/lib/libcrypto.a(libcrypto.so.1.0.0) /usr/lib/libssl.a(libssl.so.1.0.0) Delivered in: 5020601_7 5020602_4 5020603_2
Temporary fix
Comments
Published on: 30-Mar-2017
APAR Information
APAR number
IT19224
Reported component name
STR B2B INTEGRA
Reported component ID
5725D0600
Reported release
526
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-02-20
Closed date
2017-03-06
Last modified date
2017-06-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR B2B INTEGRA
Fixed component ID
5725D0600
Applicable component levels
R526 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2.6","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
Document Information
Modified date:
16 June 2017