Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX Software Assistant Administration Guide: HP-UX 11i Systems > Chapter 5 Networking Options

Protocols
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Software Assistant uses a few protocols in its normal operation: HTTPS when retrieving the catalog file, HTTP when validating the catalog source, and FTP when downloading patches.

Table 5-1 SWA Protocols

 UseOptionsPort
HTTPSCatalog download.Default location can be changed with the extended options catalog_source and download_cmd when using the commands swa report and swa step catalog.443
HTTPValidation of the remote server from which the catalog file is downloaded using a Certificate Revocation List (CRL).CRL verification can be disabled with the extended option crl_check when using the commands swa report and swa step catalog.80
FTPPatch download.Can override the download URL defined in the catalog with the extended option download_cmd when using the commands swa get and swa step download.21

 

Acquiring the Catalog File

During the swa report and swa step catalog commands, a catalog file is downloaded from the HP IT Resource Center (ITRC) website. This operation uses HTTPS to transfer the file from the ITRC to your local system. The default catalog source is

https://ftp.itrc.hp.com/wpsl/bin/doc.pl/screen=wpslDownloadPatch/swa_catalog.xml.gz?PatchName=/export/patches/swa_catalog.xml.gz

The catalog source may be changed with the extended option catalog_source.

The HTTPS protocol ensures the integrity of the catalog file itself, but the integrity of the source system must be verified. This is vital for security, because a valid catalog is required for system analysis and the downloading of patches. A Certificate Authority's (CA) Certificate Revocation List (CRL) is used to validate the integrity of the source system from which the catalog is downloaded. SWA uses HTTP to communicate with the CA. The default behavior when using the commands swa report and swa step catalog is for SWA to check the CRL. This source system validation may be disabled with the extended option crl_check.

The catalog contains the location of the patches for download and MD5 cryptographic hash information that will be used to verify patches downloaded from the ITRC website.

For more information, see swa-report(1M).

Downloading Patches

Software Assistant uses the FTP protocol when patches are downloaded from the ITRC website using swa get or swa step download. The location of the patches and MD5 cryptographic hash information to authenticate the patches are included in the catalog.

The process SWA follows when downloading patches is:

  1. The location of the patches and the MD5 data are acquired from the catalog file.

  2. The patches are downloaded using the default FTP location in the catalog file.

  3. The MD5 check is done when the patches are downloaded into the swcache.

    Note that if you use media or other means to relocate the swcache files to a new system (the swa get and swa step download commands are not used), the MD5 cryptographic hash validation of the patches is not repeated. Also, there is no way to explicitly perform the MD5 cryptographic hash validation using SWA.



Chapter 5 Networking Options
  		 


Using SWA in Secure Network Environments  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2007–2008 Hewlett-Packard Development Company, L.P.