Patch-ID# 114790-02 Keywords: crypto accelerator nca ssl Synopsis: Sun Crypto Accelerator 1000 1.1: patch Date: Aug/20/2003 Install Requirements: Reboot after installation See Special Install Instructions Solaris Release: 9 SunOS Release: 5.9 Unbundled Product: Sun Crypto Accelerator 1000 Unbundled Release: 1.1 Xref: Topic: This patch is currently supported on Solaris 9 4/03 and Sun Fire V210, V240 and V480. This patch support ONLY ssl3 and ssl2 with ssl3 upgrade. In order to fully utilize the performance enhancement features, you need to install this patch after a SunOS installation. Relevant Architectures: sparc sparc.sun4u BugId's fixed with this patch: 4830164 4870905 4871230 4876194 4876204 4876211 4903379 Changes incorporated in this version: 4903379 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 112233-05 or greater Obsoleted by: Files included with this patch: /kernel/drv/sparcv9/nca /kernel/fs/sparcv9/sockfs /kernel/misc/sparcv9/sha1 /platform/sun4u/kernel/misc/sparcv9/rc4 /usr/bin/certtonca /usr/bin/keytonca /usr/lib/ncad_addr.so.1 Problem Description: 4903379 certtonca in NCAS patch 114790-01 depends on NSS 3.4 shared libraries (from 114790-01) 4830164 NCA needs to support SSL protocols 4876204 does not check for supported OS 4876211 nca: WARNING when receiving a request 4870905 certtonca results in segmentation fault 4871230 certtonca only works with a particular realm and username 4876194 NCA Administration Guide: does not mention NSS version Patch Installation Instructions: -------------------------------- For Solaris 9 release, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- After installing this patch, reboot the system to load the newly installed driver. For users that use SunOne Web Server (S1WS 6.0 SP5 or later), it currently ships with NSS 3.3.2. NSS (Network Security Services) is a set of libraries designed to support cross-platform development of security-enabled server applications. The utility certtonca depends on the NSS shared libraries shipped with the S1WS Web Server and can be configured using LD_LIBRARY_PATH. The standard location for these libraries is /bin/https/lib. Depending on where the SunONE Webserver was installed, the following example shows how to set LD_LIBRARY_PATH if the web server was installed in /usr/iplanet/servers: /bin/sh % LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/iplanet/servers/bin/https/lib % export LD_LIBRARY_PATH or /bin/csh % setenv LD_LIBRARY_PATH "${LD_LIBRARY_PATH}:/usr/iplanet/servers/bin/https/lib" The utility certtonca must be executed in the directory where the file cert7.db resides. Execution outside this directory may result in a segmentation fault. When creating an account to store a certificate in the NSS database, the utility certtonca only works with the fixed user name (iws-deimos) and fixed realm name (deimos). README -- Last modified date: Wednesday, August 20, 2003