A fix is available
APAR status
Closed as program error.
Error description
Attempting to debug a failing CICS SSL Application using the SSL GSKSRVR Component Trace displays the following error: . CICS MESSAGE 00000004 09:14:39.277108 SSL_ERROR Job CICSNAME Process 00020136 Thread 00000001 default_setsocketoptions fcntl(F_GETFL) failed for socket 766487040: 113 - EDC5113I Bad file descriptor. . System SSL will put out this message when the File Descriptor that was passed to us is not a valid file descriptor. SSL will continue processing because it's not known if the application is sending us a pointer to a structure instead of the actual file descriptor. Therefore, the SSL Handshake will continue despite the error shown above. . The message is issued due to CICS not supplying a callback routine for SETSOCKETOPTIONS. This causes system SSL to use the native TCPIP routine which then fails with EBADF because the file desciptor passed to it is not a real file descriptor. CICS should provide a callback for the setsocketoptions call. . Additional Symptom(s) Search Keyword(s): KIXREVRJL
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users * **************************************************************** * PROBLEM DESCRIPTION: An SSL component trace taken during a * * CICS SSL handshake process contains * * SSL_ERROR entries, but the handshake is * * successful. * **************************************************************** * RECOMMENDATION: * **************************************************************** CICS has not provided an io_setsocketoptions() callback routine to be used during the SSL handshake process, so System SSL attempts to use the default routine. However the socket descriptor passed to this routine is not a true socket descriptor, but is an internal token used by CICS. The default routine attempts an fcntl(F_GETFL) function, which fails with an EBADF response because of the invalid socket descriptor. The handshake is successful, but a SOCKET_ERROR condition is logged on the System SSL component trace. This can lead to misleading diagnostics. Additional keywords: MSGEDC5113I EDC5113I gsk_secure_socket_init
Problem conclusion
DFHSOSE has been changed to supply a dummy version of the io_setsocketoptions() callback routine.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PM85135
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-03-19
Closed date
2013-04-10
Last modified date
2015-03-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK93412
Modules/Macros
DFHLEPT@
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R803 PSY UK93412
UP13/04/20 P F304
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
04 March 2015