Re: openssl, c-kermit and IBM information exchange

Tue, 27 Apr 2004 13:18:34 -0700

Your questions are really specific to C-Kermit so I suggest you use the comp.protocols.kermit.misc
newsgroup in the future.

I would suggest you follow the troubleshooting guidelines on the page

   http://www.kermit-project.org/ibm_ie.html

as well as use the provided ibm_infoexchange script

   ftp://kermit.columbia.edu/kermit/scripts/ckermit/ibm_infoexchange

to debug the TLS connection you want to turn on

   SET AUTH TLS VERBOSE ON
   SET AUTH TLS DEBUG ON

Then you will see where in the TLS exchange the connection is being lost.
99% chance the reason you are losing is there is a firewall between you and
IBM which does not permitted secure FTP sessions.

Jeffrey Altman
Kermit 95 Author
Secure Endpoints Inc


Vasseur, Peter wrote:

Hello.
I am trying to make a secure FTP connection to IBM Information Exchange from my UNIX machine. I am using C-Kermit 8.0.211, which I compiled for use with openssl on Solaris9 with gcc 3.3.
I used openssl to convert the IBM certificates that I was assigned in PKCS#12 format to PEM format for use with c-kermit and openssl, with the following command.

    openssl pkcs12 -in pkcs#12_filename -out pem_filename

As best as I can tell I have followed everything in the c-kermit documentation, as well as the IBM information exchange web site. however when I connect to the site I am asked for the PEM certificate passphrase both under TLS authentication. I correctly enter the passphrase I gave he PEM certificate (and KEY) and it accepts it, however it waits for approximately five minutes before it comes back again with an SSL/TLS connect COMMAND error (see below) and I have to re-enter the passphrase and wait five minutes until it times out again.
Here is a transcript of what I get


    Connected to ieftpint2.services.ibm.com.
    TLS accepted as authentication type
    Enter certificate passphrase:
    ftp: SSL/TLS connect COMMAND error:
    error:00000000:lib(0):func(0):reason(0)
    TLS authentication failed
    Connected to ieftpint2.services.ibm.com.
    SSL accepted as authentication type
    Enter certificate passphrase:
    ftp: SSL/TLS connect COMMAND error:
    error:00000000:lib(0):func(0):reason(0)
    SSL authentication failed
    Connected to ieftpint2.services.ibm.com.
    USER command not allowed on insecure connection - use AUTH command.
    FTP login failed.
    C-Kermit 8.0.211, 10 Apr 2004, for Solaris 9
     Copyright (C) 1985, 2004,
      Trustees of Columbia University in the City of New York.
    Type ? or HELP for help.

I looked in the archives for this list, since I am a newbie, to not have to bother you, but the results for a search on ftp: SSL/TLS connect COMMAND error: error:00000000:lib(0):func(0):reason(0) did not help me find the answer.
I have an IBM technical person working on this, but they had no clue what this was about --- but he would get right back to me..........
Any advice you can provide will be greatly appreciated.
Peter 



Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature

Reply via email to