[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (GSKit) I/O: Unknown system state.



Sender: Scott Klement <klemscot@xxxxxxxxxxxx>


Hi Tim,

> I've downloaded the cool HTTP library for an SSL connection to United
> Airlines but seem to be reaching an impass.  I've searched for EROFS (3472)
> "Unknown System State", but cannot locate anything that might be of help.

EROFS stands for "(E)rror: (R)ead (O)nly (F)ile (S)ystem" I have no idea
what it has to do with "Unknown System State."  Please decide which error
you received, since it's confusing me that you're reporting two totally
unrelated errors, both EROFS and "(GSKit) I/O: Unknown System State."


> The error is being returned from http_url_post_xml (source below).  We
> checked the firewall log, but it does not show any connection attempts.  We
> also checked thru the NetStat listing but don't see any open HTTPS ports.

Huh?  Why would there be open ports?


> Your README member shows instructions on adding a DCM entry for the SSL
> connection, but we don't understand why that would be a requirement for a
> client based HTTPS request (our AS/400 is performing an inventory
> availability request against the UA host systems)

You're sort-of correct.  You don't need to provide a "client certificate"
for most SSL conversations.  However, SSL always requires a server's
certificate, and certificate authority ("CA") certificates.  So, even
without client authentication, you MUST register with the digital
certificate manager.

When the SSL handshake begins, the server will send you it's certificate.
You need a program on your system that will take this certificate and
verify that it's digitally signed by a trusted CA.  That means that your
system needs CA certificates installed to compare it against.

The digital certificate manager is where you configure these things --
which CA's (VeriSign, Thawte, IBM Global Services, etc) can be configured
individually for each application, as well as miscellaneous other things.

So, yes, you DO need to be registered with the digital certificate
manager.  However, you can elect not to install a client certificate, and
you can also choose "do not define trust list" so that any CA installed on
your system will be trusted.


> So, that indeed maybe the cause of the EROFS failure.

No. If you're really getting an EROFS (which I seriously doubt) it's
because you're trying to write data to a CD-Rom or some other read-only
filesystem.

But, I suspect that you're really getting EUNKNOWN.  And the reason you're
getting EUNKNOWN is because the DCM hasn't generated the files that it
needs to perform SSL communications, so it throws up it's figurative hands
and says "I don't know what to do!"


-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------