Manualshelf

Common Data Security Architecture (CDSA) White Paper

ManualsBrandsHP ManualsSoftwareHP-UX Security Products and Features Software
111112113114115116117118119120
118 AppendixE
Trouble Shooting HP CDSA
CDSA Start Up Errors when calling CSSM_ModuleAttach
CDSA Start Up Errors when calling
CSSM_ModuleAttach
Although CDSA start-up errors can be considered a subset of CDSA API errors, they
generally require more effort to understand beyond looking at the error code. These type of
errors usually originate as a result of an attempt to call CSSM_ModuleAttach.
One common error CDSA add-in developers may encounter is a failure of the HPUX shared
library load function (shl_load) to load a requested add-in. CSSM_ModuleAttach will initiate
a series of other function calls, one of which is shl_load. This will result in the error code
10031 being set (see above).
shl_load errors might imply many problems; but for add-in developers it typically implies that
there are undefined functions or data in the shared library. Thus, one will not likely
encounter this particular error if they are utilizing HP released add-in modules. However, if
you are developing/debugging your own or someone else’s add-in module, this error could
occur. To fix the problem, you want to make sure your add-in module does not refer to
undefined functions or data.
Another error that may be encountered as a result of a CSSM_ModuleAttach occurs with CSP
add-in modules only. In this situation, the inability to load is a result of an integrity check
failure on the CSP. HP has designed the CDSA framework so that it can output a diagnostic
integrity trace that allows the user to discern if integrity check failure is occurring.
Before running a CDSA application that is having trouble attaching, cd to the following
directory:
<your_home_directory_path>/.cdsa/<your_user_name>
As an example, if your home directory was in /home/smith, and your user name was smith,
you would cd to /home/smith/.cdsa/smith . Next, execute the following command:
touch enableIntegrityTrace
On start-up, CDSA checks for this file’s existence. If it detects the file, it outputs a complete
trace of its integrity checking activities for start-up of CSSM and attachment to a CSP into
the enableIntegrityTrace file.
If these actions are successful the trace file will have output identical to that shown below
(although if you are trying to load a different CSP than libcsp_wwb.1, the CSP lib name will
be different):
isl_InitializeSignedListFromImage: manifest hash confirmed!!!
isl_CreateCertificateChain: cert-chain validated; links = 1