ibmi-brunch-learn

Announcement

Collapse
No announcement yet.

Getting a 'keyring label field not empty' message when using AXIS methods.

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Getting a 'keyring label field not empty' message when using AXIS methods.

    This is a strange one. I am using IBM AXIS procedures in a RPG program to make GET calls to an internal API. The program works fine when I call it interactively and also when I submit the program in a batch job. See axisLog1.txt for the logs when the program is called interactively and submitted in batch. We use a 3rd party software that allows us to call our own RPG programs via 'hook' programs. My program is called by a job submitted from this 3rd party software. I get a message 'keyring label field not empty: 'V1R0M0 5001RSYS :'' in the AXIS logs when my program is called by the 3rd party software. This results (I suspect) in a 'Failed to initialize the SSL environment: GSKit Error is 407 - Label for the key database file not found.' further down the log. You can see this log in the axisLog2.txt file. I suspect the software changes data in an area that is also used by AXIS procedures but I have no idea where.
    Can anyone more knowledgeable help me?
    Attached Files
    Tags: None
  • #2
    I don't know anything about AXIS so not able to specifically help however it might be useful if you posted details of how these "hook" programs called your RPG programs.
    I wonder if the issue is simply the parameters you are supplying these particularly if some sort of CALL type statement is used. For instance, if I have a RPG program that wanted a 50 character variable and I issued a CALL PGM(pgm) PARM('abc') from the command line, then after 32 chars, the rest will be filled with junk. The text you posted kind of indicates this sort of thing but again, it's impossible to know.

    Comment

    • #3
      The key database is a file in the IFS where cryptography keys and certificates are stored. Sometimes it is called a "certificate store." These terms are more or less interchangable when working with GSKit. The error means that you are specifying a label that it should use within that file. A label will identify a particular key/cert or set of keys/certs within the file (i.e. the field is not empty) -- but that label cannot found in the file.

      Are you calling the AXIS API in your program, or where is this happening? Can we see the code?

      If it is in the 3rd party code, you'll need to contact them for assistance.

      When I use the AXIS API (which I avoid, as there are just better/easier/more maintainable alternatives) I would code it like this:
      Code:
      dcl-s certStore char(200);
dcl-s setTrue char(6);
dcl-s setNone char(6);
dcl-s setDefault char(6);
dcl-s snihost char(256);

.
.

setNone = 'NONE' + x'00';
setTrue = 'true' + x'00';
certStore = '/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB' + x'00';
setDefault = x'00';

axiscTransportSetProperty( transportHandle
: AXISC_PROPERTY_HTTP_SSL
: %addr(certStore) // cert store pathname
: %addr(setDefault) // cert store pw
: %addr(setDefault) // cert store label
: %addr(setNone) // SSLv2 ciphers
: %addr(setNone) // SSLv3 ciphers
: %addr(setDefault) // TLSv1 ciphers
: %addr(setDefault) // TLSv1.1 ciphers (enable)
: %addr(setDefault) // TLSv1.2 ciphers (enable)
: %addr(setTrue) // tolerate soft validation (true)
: %addr(setDefault) // DCM APP ID (none set)
: %addr(sniHost) // Server Name Indication Hostname
: *NULL ); // *NULL = end of list
      ​The label is the 4th parameter -- in my example, I am specifying no label.

      Comment

      Previous template Next
      Working...
      X