on 09-30-2014 6:10 AM
Hi,
I am using RedHat Linux, i configured Sybase Server for SSL, but client connection ISQL cannot connect to the server.
I followed the instruction from the below link:
SSL with Adaptive Server Enterprise (ASE) - Wiki Stage - SCN Wiki
Common Name for CA root Certificate is my ServerName(Eg: REDHATSERVER)
Common Name for Server Certificate is my ServerName(Eg: REDHATSERVER)
While starting server it seems started correctly:
ssl_getcertpath: Entered.
ssl_getcertdirpath: Entered.
ssl_gettrusedpath: Entered.
ssl_getcertdirpath: Entered.
sslcontextinit(0x4546f40) begin:
dh_configcontext(0x4546f40) begin:
dh_configcontext(0x4546f40), returning DH error 0
syb_3des_decrypt() entry.
getdes_decrypt() entry
getdes_decrypt() returns 0.
syb_3des_decrypt() error 0, returns 64.
ssl_verifyidentityfile() entry.
ssl_verifyidentityfile() returns 0.
00:00000:00001:2014/09/29 16:16:30.83 kernel Certificate load from file `/home/sybase/sybase/ASE-15_0/certificates/REDHATSERVER.crt`: succeeded.
00:00000:00001:2014/09/29 16:16:30.83 kernel Trusted root certificates loaded from file '//home/sybase/sybase/ASE-15_0/certificates/REDHATSERVER.txt': succeeded.
sslcontextinit(0x4546f40) return SUCCESS!
ssl_setciphersincontext(0x4546f40, 1): entered.
ssl_makecipherarray(0x487dd00, 0x487dd04) entry.
ssl_makecipherarray() returns (0).
ssl_setciphersincontext(0x4546f40, 1): exiting with return value 0
ssl_initmasterctxt(): returns success.
00:00000:00008:2014/09/29 16:16:30.84 kernel network name REDHATSERVER, interface IPv4, address 172.20.136.43, type tcp, port 5000, filter NONE
ssl_ninit(0) entry
00:00000:00008:2014/09/29 16:16:30.84 kernel network name REDHATSERVER, interface IPv4, address 172.20.136.43, type ssltcp, port 6006, filter ssl
ssl_listen(0) returns success 2, snflags 0x6
Below command to concat the certicate:
cat REDHATSERVER.txt >> $SYBASE/config/trusted.txt
Below Command to connect through ISQL:
isql -Usa -SREDHATSERVER:6006
Password:
CT-LIBRARY error:
ct_connect(): network packet layer: internal net library error: Net-Library operation terminated due to disconnect
Detailed Logs on connecting through ISQL:
ssl_nopen(2) entry
ssl_nopen(2) returns 14 soflags 0x0
ssl_nopen(2) entry
ssl_handshake(14) entry
ssl_readcb(0x4550688, 3, 0x4a078dc, 0x5b926c0) entry
ssl_readcb() returns sslerr 0, processed 3
ssl_readcb(0x455081d, 512, 0x4a078ec, 0x5b926c0) entry
ssl_readcb() returns sslerr 0, processed 512
ssl_writecb(0x45518dc, 7, 0x4a0794c, 0x5b926c0) entry
ssl_writecb() returns sslerr 0, processed 7
ssl_handshake(14) return err -2, sslerr -6996
ssl_nclose(0x5b926c0) entry
00:00000:00023:2014/09/29 16:16:47.33 kernel ssl_close(14): SSLClose(0x451e3b0) failed (-6989).
ssl_nclose(0x5b926c0) return 0
I can't guess where i am wrong. I spent a day for this to work. Anyone help me on this.
Thanks,
Ganesan G
To determine if current connection is using SSL or not, I would run this query:
select @@ssl_ciphersuite
Now when it comes to debugging SSL connectivity, there is useful debugging facility in OCS libraries. Specifically, you can do this:
set SYBOCS_DEBUG_FLAGS=CS_DBG_SSL
set SYBOCS_DEBUG_LOGFILE=libsybfssl.log
isql –S my_ssl_server –U ... -x trusted_txt_path
and then examine the libsybfssl.log
file for debugging information. Note that the interfaces
file on isql
machine must have an entry configured for my_ssl_server
like below:
[my_ssl_server]
query=NLWNSCK,my_ssl_server,6006,ssl
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
On specifying ssl entry alone in interfaces file resolved the issue.
REDHATSERVER
master tcp ether redhatserver 6006 ssl
query tcp ether redhatserver 6006 ssl
Now i can connect using iSQL.
I faced another problem, i can't connect Sybase ASE server with SSL using jTDS driver.
Connection String :
jdbc:jtds:sybase://<hostName>:<port>/<database_name>;ssl=require
Stack Trace :
Caused by: java.sql.SQLException: I/O Error: Connection reset
at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2387)
at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:614)
at net.sourceforge.jtds.jdbc.ConnectionJDBC2.<init>(ConnectionJDBC2.java:356)
at net.sourceforge.jtds.jdbc.ConnectionJDBC3.<init>(ConnectionJDBC3.java:50)
at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:185)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:185)
... 46 more
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at java.io.DataInputStream.readFully(DataInputStream.java:178)
at java.io.DataInputStream.readFully(DataInputStream.java:152)
at net.sourceforge.jtds.jdbc.SharedSocket.readPacket(SharedSocket.java:851)
at net.sourceforge.jtds.jdbc.SharedSocket.getNetPacket(SharedSocket.java:732)
at net.sourceforge.jtds.jdbc.ResponseStream.getPacket(ResponseStream.java:477)
at net.sourceforge.jtds.jdbc.ResponseStream.read(ResponseStream.java:114)
at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2281)
... 56 more
Note: I need encryption alone without certification validation.
jTDS Driver Version : 1.2.8
JRE : 1.6.0_14
Thanks,
Ganesan G.
From the jTDS\README.SSL
file:
At this point it should be noted that the solution has been tested against SQL
Server 2000 (SQL2K), and nothing else. Everything in this section applies to SQL
Server 2000. Having said that, the changes made to support SSL will not affect
the behavior of jTDS with other products when using plain sockets.
So SSL is not supported for SAP ASE in jTDS.
Hi Ganesan G,
Is your ASE name REDHATSERVER?
Do you have an entry in your interfaces file?
REDHATSERVER
master tcp ether host port ssl
query tcp ether host port ssl
SSL will not work if you do not use the specific name of your ASE,
which should also be your CN or common name in the ssl certificate.
Try:
isql -Usa -SREDHATSERVER
If you add the port number in -S it will not work.
Regards,
Ryan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ryan,
Yes, my ASE name is REDHATSERVER.
In my interfaces file, i have entry as below:
REDHATSERVER
master tcp ether redhatserver 5000
query tcp ether redhatserver 5000
master tcp ether redhatserver 6006 ssl
query tcp ether redhatserver 6006 ssl
ISQL is connecting to server if the port number is not specfified. But how can i find, is it connected with encryption(6006 port) or plain text connection(5000 port).
isql is also connecting with port 5000 as below:
isql -Usa -SREDHATSERVER:5000
Common Name for CA root Certificate is REDHATSERVER
Common Name for Server Certificate is REDHATSERVER
Still the error persisit.
Regards,
Ganesan G.
User | Count |
---|---|
88 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.