ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexUser ExitsChannel program XXXXX was ended by exit '/u1/mqu/lib/exit.so

Post new topicReply to topic
Channel program XXXXX was ended by exit '/u1/mqu/lib/exit.so View previous topic :: View next topic
Author Message
riyaz_tak
PostPosted: Thu Dec 10, 2015 12:58 am Post subject: Channel program XXXXX was ended by exit '/u1/mqu/lib/exit.so Reply with quote

Apprentice

Joined: 05 Jan 2012
Posts: 32

Hi

We recently migrated to WMQ 7.5.0.4 from 7.0.1.11.
After migrating we are getting below error in MQ log for receiver channel :

AMQ9536: Channel ended by an exit.

EXPLANATION:
Channel program XXXX was ended by exit '/u1/mqu/lib/exit.so(secExit)'.

Receiver channel details :

define channel (xxxxxx) +
chltype (rcvr) +
trptype (tcp) +
sslcauth (required) +
sslciph (RC4_MD5_EXPORT) +
mcauser ('rubbish') +
maxmsgl (65536) +
scyexit ('/u1/mqu/lib/exit.so(secExit)') +
scydata ('cfg/sec.cfg')

Platform Solaris 10.
GSKit version 7.0.4.45

Please let me know if you need more information.

Regards
Riyaz
Back to top
View user's profile Send private message
smdavies99
PostPosted: Thu Dec 10, 2015 1:00 am Post subject: Reply with quote

Jedi Council

Joined: 10 Feb 2003
Posts: 6077
Location: Somewhere over the Rainbow this side of Never-never land.

did you rebuild the Exit with the V7.5 libraries?
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995

Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
Back to top
View user's profile Send private message
riyaz_tak
PostPosted: Thu Dec 10, 2015 1:13 am Post subject: Reply with quote

Apprentice

Joined: 05 Jan 2012
Posts: 32

No I guess we didn't.

Infact don't have much idea about it.
Could you please advise us how to do it?
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Thu Dec 10, 2015 5:45 am Post subject: Reply with quote

Grand Poobah

Joined: 18 Nov 2003
Posts: 19391
Location: LI,NY

You need to rebuild the exit for both 32 and 64 bits with the new libraries.
Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
Vitor
PostPosted: Thu Dec 10, 2015 5:58 am Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 24614
Location: Ohio, USA

riyaz_tak wrote:
Could you please advise us how to do it?


Aside from the very valid advice offered, you could also consider what security features the exit provides (I'm guessing something called "secExit" is a security exit) and see if those functions can be replaced with the features added in v7.5, eliminating the need for the exit to be recompiled along with the need for the exit.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
riyaz_tak
PostPosted: Thu Dec 10, 2015 6:49 pm Post subject: Reply with quote

Apprentice

Joined: 05 Jan 2012
Posts: 32

Thanks everyone for valuable advice
Back to top
View user's profile Send private message
riyaz_tak
PostPosted: Fri Dec 11, 2015 12:49 am Post subject: Reply with quote

Apprentice

Joined: 05 Jan 2012
Posts: 32

WMQ v 7.5 has added SERIALNUMBER parameter in SSLpeer.
Out custom security exit module was failing because of that.
Handled SERIALNUMBER and channel got started.
Back to top
View user's profile Send private message
bruce2359
PostPosted: Fri Dec 11, 2015 5:39 am Post subject: Reply with quote

Poobah

Joined: 05 Jan 2008
Posts: 7847
Location: US: west coast, almost. Otherwise, enroute.

riyaz_tak wrote:
WMQ v 7.5 has added SERIALNUMBER parameter in SSLpeer.
Out custom security exit module was failing because of that.
Handled SERIALNUMBER and channel got started.

For the benefit of others, please explain how exactly you "Handled" this.
_________________
I didn't know that Schrdinger had a cat.
Back to top
View user's profile Send private message
riyaz_tak
PostPosted: Mon Dec 14, 2015 1:27 am Post subject: Reply with quote

Apprentice

Joined: 05 Jan 2012
Posts: 32

We have written channel security exit program.

This program was verifying SSLpeer values against CN,OU,O,ST and C values configured in config files.

Now we were getting extra parameter called SERIELNUMBER in SSLpeer (it's equivalent to certificate serial number ) so our security exit was failing.

So we added this new parameter in our config file and issue got resolved.


I hope this will help.
Back to top
View user's profile Send private message
RogerLacroix
PostPosted: Mon Dec 21, 2015 3:04 pm Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3020
Location: London, ON Canada

smdavies99 wrote:
did you rebuild the Exit with the V7.5 libraries?

Absolutely not required.

fjb_saper wrote:
You need to rebuild the exit for both 32 and 64 bits with the new libraries.

Incorrect. Channel security exit for MQ greater than v5.3 on Solaris MUST be 64-bit. The MCA process will not run as 32-bit.

riyaz_tak wrote:
WMQ v 7.5 has added SERIALNUMBER parameter in SSLpeer.
Out custom security exit module was failing because of that.
Handled SERIALNUMBER and channel got started.

Your code (exit) is explicitly closing the channel by doing
Code:
pCXP->ExitResponse = MQXCC_SUPPRESS_FUNCTION;


riyaz_tak wrote:
Now we were getting extra parameter called SERIELNUMBER in SSLpeer (it's equivalent to certificate serial number ) so our security exit was failing.

So basically, some poor logging going on in your code (exit).

FYI: Anytime your code (exit) explicitly closes the channel, it should be logging EXACTLY why it closed the channel, so that people are not confused by the channel not running.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexUser ExitsChannel program XXXXX was ended by exit '/u1/mqu/lib/exit.so
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.