» Sign-in with HP Passport | » Register
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
Search:
More options
 
hp.com home

HP Support document

» 

Business Support Center

HP Passport Sign-in
» Sign-in with HP Passport
» Register
» Learn more...

Tasks

» Download drivers and software
» Troubleshoot a problem
» Setup, install, and configure
» Discover and use a product
» Perform regular maintenance
» Upgrade and migrate
» Recycle and dispose
»

Resources

» Customer Self Repair
» Diagnose problem or Chat (HP Instant Support)
» Support Forums
» Guided troubleshooting
» Manuals
» Submit a support case
» See more...
» Help
» Site map
» HP Support Center
SUPPORT COMMUNICATION - CUSTOMER ADVISORY

Document ID: c02449766

Version: 1

ADVISORY: Advisory for HP VMS SSL users on OpenVMS V8.4 for Integrity and Alpha platform
NOTICE: The information in this document, including products and software versions, is current as of the Release Date. This document is subject to change without notice.

Release Date: 2010-07-29

Last Updated: 2010-07-29

DESCRIPTION

HP OpenVMS V8.4 includes HP VMS SSL V1.4 as a default system integrated product (layered product). Applications linked with HP VMS SSL V1.3 will not work as expected with the latest HP VMS SSL V1.4. Such applications need to be recompiled and then re-linked with HP VMS SSL V1.4 header files and libraries.

Why HP VMS SSL is not Backward Compatible?

The HP VMS SSL Version 1.4 for OpenVMS is based on the 0.9.8h base level of OpenSSL. HP VMS SSL Version 1.3 for OpenVMS is based on OpenSSL 0.9.7e. Some of the OpenSSL API’s, data structures and commands have changed from the version 0.9.7e to version 0.9.8h thus resulting in backward compatibility issues.

HP VMS engineering recommends the SSL dependent applications to be rebuilt with HP VMS SSL V1.4 shareable(s) as it includes the support for latest security updates.

In case of application noncompliance with the re-compilation/re-link requirement of HP VMS SSL V1.4 library, the OpenVMS operating system terminates the SSL dependent application processes with “ident mismatch with shareable image“ error as provided below:

$ run ssl_test

%DCL-W-ACTIMAGE, error activating image SSL$LIBSSL_SHR32

-CLI-E-IMGNAME, image file

DWLLNG$DKA500:[SYS0.SYSCOMMON.][SYSLIB]SSL$LIBSSL_SHR32.EXE

-SYSTEM-F-SHRIDMISMAT, ident mismatch with shareable image

$

The HP VMS SSL users on OpenVMS platform may benefit from this advisory as provided below if application migration from HP VMS SSL V1.3 to V1.4 is not possible immediately.

SCOPE
The following is the list of HP OpenVMS V8.4 products or components that are dependent on HP VMS SSL V1.4:

  • LDAP

  • ENCRYPT

  • Stunnel

  • HP System Management Homepage (HP SMH) for OpenVMS

  • HP WBEM Services for OpenVMS Integrity servers

  • HP OpenView Operations Agent for OpenVMS

  • OpenView Performance Agent (OVPA) for OpenVMS

  • Secure Web Server

  • ABS

  • HP Enterprise Directory

  • HPBINARYCHECKER

If OpenVMS V8.4 users choose to downgrade the HP VMS SSL version to V1.3, then the above listed products will not work. Also, HP VMS SSL V1.3 would not have the latest security patches/features.

RESOLUTION
If application migration to HP VMS SSL 1.4 is not possible immediately, a temporarily workaround solution is to define the process wide logicals for the application, to use the HP VMS SSL V1.3 shareable libraries. This could be done as stated below:

  1. Download SSL 1.3 kit from HP OpenVMS SSL website. Website link: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html

  2. Extract the self extractable images

    $! For SSL V1.3 on an Integrity system

    $ RUN HP-I64VMS-SSL-V0103-0284-1.PCSI_SFX_I64EXE

    $! For SSL V1.3 on an Alpha system

    $ RUN HP-AXPVMS-SSL-V0103-0281-1.PCSI_SFX_AXPEXE

  3. The following files will get extracted:

    • On Alpha system

      • HP-AXPVMS-SSL-V0103-0281-1.PCSI$COMPRESSED
      • HP-AXPVMS-SSL-V0103-0281-1.PCSI$COMPRESSED_ESW
    • On Integrity system
      • HP-I64VMS-SSL-V0103-0284-1.PCSI$COMPRESSED
      • HP-I64VMS-SSL-V0103-0284-1.PCSI$COMPRESSED_ESW

  4. Extract SSL shareable libraries from the PCSI$COMPRESSED file

    $ PRODUCT EXTRACT FILE SSL /select= SSL$LIB*.exe /dest=[]/log

    The above command extracts the following four SSL shareable libraries in the current location.

    Example Output:

    %PCSI-I-CREFIL, created file

    DISK$I64SYS:[EXTRACTHERE.][000000]SSL$LIBCRYPTO_SHR.EXE;1

    %PCSI-I-CREFIL, created file

    DISK$I64SYS:[EXTRACTHERE.][000000]SSL$LIBCRYPTO_SHR32.EXE;1

    %PCSI-I-CREFIL, created file

    DISK$I64SYS:[EXTRACTHERE.][000000]SSL$LIBSSL_SHR.EXE;1

    %PCSI-I-CREFIL, created file

    DISK$I64SYS:[EXTRACTHERE.][000000]SSL$LIBSSL_SHR32.EXE;1

  5. Define the following four logicals that point to the V1.3 version of SSL shareable libraries in application startup procedure just before invoking the executable which is linked with HP VMS SSL V1.3. Please note that these are process wide logical and hence will not affect other applications.

    $ define SSL$LIBSSL_SHR32 -

    DISK$I64SYS:[EXTRACTHERE]SSL$LIBSSL_SHR32.EXE

     

    $ define SSL$LIBCRYPTO_SHR32 -

    DISK$I64SYS:[EXTRACTHERE]SSL$LIBCRYPTO_SHR32.EXE

     

    $ define SSL$LIBSSL_SHR -

    DISK$I64SYS:[EXTRACTHERE]SSL$LIBSSL_SHR.EXE

     

    $ define SSL$LIBCRYPTO_SHR -

    DISK$I64SYS:[EXTRACTHERE]SSL$LIBCRYPTO_SHR.EXE

    Here "DISK$I64SYS:[EXTRACTHERE]" is the location of the extracted files. Please change this to match to the appropriate directory where the files are extracted.

  6. De-assign the logicals after application completes the execution (unless the application is executed as a detached process )

    $ deassign SSL$LIBSSL_SHR32

    $ deassign SSL$LIBCRYPTO_SHR32

    $ deassign SSL$LIBSSL_SHR

    $ deassign SSL$LIBCRYPTO_SHR

Limitations:

  1. Using the V1.3 SSL shareable libraries will result in losing the latest security patches/features available in HP VMS SSL V1.4.

  2. This workaround solution will not work where application is also linked against a shareable library which uses different version of SSL. For example we have an application SAMPLEAPP.EXE which is linked with HP VMS SSL V1.3 libraries and also linked with TEST_SHR.EXE shareable library. TEST_SHR.EXE shareable library is internally linked with HP VMS SSL V1.4 on OpenVMS V8.4. If sampleapp.exe is executed by defining the process wide logical as explained above, the application might not work. This is because TEST_SHR.EXE image is linked with HP VMS SSL V1.4 library.

  3. This workaround will not work if the application has installed shareable libraries which use HP VMS SSL 1.3 shareable libraries.

Hardware Platforms Affected: HP OpenVMS Operating Systems, HP OpenVMS I64 Operating Systems
Components Affected: Not Applicable
Operating Systems Affected: HP OpenVMS Operating Systems
Software Affected: Not Applicable
Third Party Products Affected: Not Applicable
Support Communication Cross Reference ID: IA02449766
©Copyright 2010 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

   Content feedback
To help us improve our content, please provide your feedback below.

1. How does the information on this page help you?
   very helpful somewhat helpful not helpful
 

2. Was it easy to find this document?
   easy not easy

3. If you selected not easy for question 2, in which section did you expect to find it?
     

4. Comments:
 
 
- Your feedback will be used to improve our content. Please note this form is for feedback only, so you will not receive a response.
Contact HP if you need technical assistance.

Printable versionPrintable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2013 Hewlett-Packard Development Company, L.P.