Recently upgraded XCOM from version 11.0.812.0 to 11.6 SP01 on some of our AIX 7.1 systems.
To date, everything is functioning, as it was before the upgrade.
However, we have noticed the following recurring message in the $XCOM_HOME/xcom.log file:
XCOMU0780E Txpi 308: TxpiInitSSL Failed msg = <error:02001002:system library:fopen:No such file or directory +++ fopen('/var/spool/xcom/ssl/certs/cassl.pem','r')> value = 0:
As we have not configured SSL/TLS, can these messages be ignored? Is there a way to suppress them?
Typically those messages "XCOMU0780E Txpi 308: TxpiInitSSL Failed msg = <error:02001002:system library:fopen:No such file or directory +++ fopen('/var/spool/xcom/ssl/certs/cassl.pem'" would only appear in the $XCOM_HOME/xcom.log file if the XCOM SSL port 8045 is being used to send or receive file transfers and there is a problem with the SSL configuration.
If SSL file transfers are not being used, then the suspicion is that some sort of health check ping is sending packets to the AIX server on port 8045 (it may be a load balancer doing that if the server is part of such a set-up). Some related articles:
XCOMU0812I, XCOMU0780E, XCOMU0818I fills xcom.log file
Recommended method to perform XCOM port health check pings
Running the sample SSL scripts (makeca, makeserver, makeclient) to create the missing file being complained about would stop the "fopen:No such file or directory" part of the message (see XCOM Data Transport for UNIX/Linux 11.6.1 > Using > Generating TLS/SSL Certificates). NOTE: There is no need to restart the xcomd service after doing this, because SSL files are read on every transfer execution.
However, if health check pings are taking place, then per the above articles, this message would be seen in the xcom.log file:
XCOMU0780E XCOMU0780E TcpIp 507: TXPI function failed with no error code
Per the 2nd article, using XCOM ping requests ("xcomtcp -ping ...") for the health check should eliminate the XCOMU0780E message altogether.
The user confirmed that the messages are related to using a Nessus vulnerability scanner.
As only non-SSL transfers are being used on port 8044, the SSL listening port 8045 is not required, so he will remove the following txpis line from /etc/inetd.conf and refresh inetd:
txpis stream tcp nowait root /var/spool/xcom/bin/xcomtcp xcomtcp REMOTE 0 SSL
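
One way to script the change described above, as an added example that is not part of the original article or of XCOM itself. It comments the txpis entry out rather than deleting it and keeps a backup copy; the function names, the sample file and the non-SSL txpi line in it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: disable the XCOM SSL listener (service "txpis") in an
# inetd.conf-style file. Only an exact first-field match is touched, so a
# similarly named non-SSL entry stays active.

# disable_txpis FILE -> prints the number of lines commented out
disable_txpis() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    count=$(awk '$1 == "txpis"' "$conf" | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        cp -p "$conf" "$conf.bak" || return 1   # rollback copy
        awk '$1 == "txpis" { print "#" $0; next } { print }' \
            "$conf.bak" > "$conf.new" || return 1
        # Write back in place so owner and mode of the original are kept.
        cat "$conf.new" > "$conf" && rm -f "$conf.new"
    fi
    echo "$count"
}

# active_services FILE -> names of services that are still enabled
active_services() {
    awk 'NF > 0 && $1 !~ /^#/ { print $1 }' "$1"
}

# make_sample FILE -> writes a constructed test file. The txpis line is the
# one quoted in the article; the txpi line is an assumed non-SSL counterpart.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
txpi stream tcp nowait root /var/spool/xcom/bin/xcomtcp xcomtcp REMOTE 0
txpis stream tcp nowait root /var/spool/xcom/bin/xcomtcp xcomtcp REMOTE 0 SSL
EOF
}

# On the AIX host, after running disable_txpis /etc/inetd.conf:
#   refresh -s inetd
#   netstat -an | grep 8045     # expect no LISTEN entry for the SSL port
```

Once the listener is gone, a scanner probing port 8045 no longer reaches xcomtcp, so TxpiInitSSL is never invoked for those connections.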