Guest

Cisco Application Extension Platform

Release Notes for Cisco Application eXtension Platform (AXP) 1.6.1

Hierarchical Navigation

Downloads

 Feedback

Table Of Contents

Release Notes for Cisco Application Extension Platform (AXP) 1.6.1

Contents

System Requirements

Cisco IOS Software Release

Supported Hardware

Files in Cisco AXP 1.6.1

Cisco AXP Product Files for Cisco SM SRE Service Modules

Cisco AXP Software Development Kit

Upgrading and Downgrading to a New Software Release

Packaging an Application using 1.6.1 SDK

Clean Installing Cisco AXP 1.6.1

Upgrading from Cisco AXP 1.5.x to Cisco AXP 1.6.1

Upgrading from Cisco AXP 1.1.x to Cisco AXP 1.6.1

No Downgrading from Cisco AXP 1.6.1 to Cisco AXP 1.1.x

Clean Installing Cisco AXP 1.1.x on Cisco AXP 1.6

Determining the Cisco AXP Software Version

New and Changed Information

Ciscoworks LMS Supports Cisco AXP

New Software Features in Cisco AXP 1.6.1

Basic Safeguards for Securing the Cisco AXP Router/Blade

Limitations and Restrictions

Verification Failed Error Message

Failure of the eventapid Process

Caveats

Open Caveats for Cisco AXP 1.6.1

Related Documentation

Software Documents

Cisco AXP

CiscoWorks LMS

Platform-Specific Documents

Obtaining Documentation, Obtaining Support, and Security Guidelines

Notices

OpenSSL/Open SSL Project

License Issues


Release Notes for Cisco Application Extension Platform (AXP) 1.6.1

Last Updated: May 16, 2011, OL-14273-01

These release notes support the software for the Cisco Application Extension Platform (Cisco AXP) version 1.6.1.

To determine if your Cisco IOS software or hardware platforms are affected, refer to the relevant Cisco IOS software release notes.

Start at the products page http://www.cisco.com/cisco/web/psa/default.html.

Navigate to the page for the Cisco IOS software that you are using; for example:

Products > Cisco IOS and NX-OS Software > Cisco IOS > Cisco IOS Software Release 15 Family > Cisco IOS Software Releases 15.1

Contents

System Requirements

New and Changed Information

Basic Safeguards for Securing the Cisco AXP Router/Blade

Limitations and Restrictions

Caveats

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Notices

System Requirements

This section describes the system requirements for Cisco AXP Version 1.6.1 and includes the following sections:

Cisco IOS Software Release

Supported Hardware

Files in Cisco AXP 1.6.1

Upgrading and Downgrading to a New Software Release

Determining the Cisco AXP Software Version

Cisco IOS Software Release

Using Cisco IOS Release 12.4(24)T2 or 15.0(1)M1 and higher is recommended, depending on the type of router—refer to the "Supported Hardware" section.

Cisco AXP 1.6.1 supports routers with the following types of IP-based, crypto images:

Universal (c3900-universalk9-mz.SPA.151-1.XB)

IP-Base—not for applications that require the Event Application Programming Interface (API)

IP-Voice

Adv-Security

Adv-Enterprise

Note To use Cisco EEM events, you need to have one of the following feature licenses:
DATA, UC, or SEC.

You can download the Cisco AXP 1.6.1 image from www.cisco.com. Navigate the website as shown in the following steps:

Step 1 Choose Products and Routers > Routers > All Products tab.

Step 2 Choose Cisco Application Extension Platform > Download Software > Cisco Application Extension Platform Version 1.6.

Cisco AXP uses the netconf protocol to provide the programmatic interface for the Cisco IOS CLI API. Netconf is supported over two transport protocols: Blocks Extensible Exchange Protocol (BEEP) and Secure Shell (SSH).

Using netconf/SSH is strongly recommended. Netconf/SSH requires a crypto (K9) Cisco IOS software image. Netconf/SSH offers security on the Cisco IOS side. Credentials such as username/password must be supplied on the Cisco AXP side for the connection to be established.

For further information, refer to the "Netconf" section in the relevant Cisco AXP Developer Guide—see Configuration Guides.

Supported Hardware

Cisco Integrated Services Router (ISR) and Cisco ISR G2s are supported by Cisco AXP.

For Cisco ISRs, we recommend using Cisco IOS Release 12.4(24)T2 and higher.

For Cisco ISR G2s, we recommend using Cisco IOS Release 15.0(1)M1 and higher.

Note For Cisco ISR G2s: 3925E and 3945E, Cisco IOS release 15.1(1)T and higher is required.

The AIM2 service module requires Cisco IOS Release 15.0(1)M1 and higher. Cisco AXP integrates with the Cisco IOS software crypto images given in the "Cisco IOS Software Release" section.

Table 1 lists the Cisco routers and service modules supported by different versions of Cisco AXP.

Table 1 Cisco AXP Supported Hardware 

Cisco Router/
Service Module
AIM2-104
NME-302
NME-502
NME-522
ISM-300
SM-700
SM-900

891, 892

1.5.x1

1841

1.5.x

1941

1.5.x

2801

1.5.x

2811

1.5.x

1.0, 1.1, 1.5.x

1.1, 1.5.x

2821

1.5.x

1.0, 1.1, 1.5.x

1,1, 1.5.x

2851

1.5.x

1.0, 1.1, 1.5.x

1.1, 1.5.x

2901

1.5.x

2911

1.5.x

1.5.x

1.5.x

1.5.2, or higher

1.5.2, or higher

2921

1.5.x

1.5.x

1.5.x

1.5.2, or higher

1.5.2, or higher

2951

1.5.x

1.5.x

1.5.x

1.5.x

1.5.2, or higher

1.5.2, or higher

3825

1.5.x

1.0, 1.1, 1.5.x

1.1, 1.5.x

1.0, 1.1, 1.5.x

3845

1.5.x

1.0, 1.1, 1.5.x

1,1, 1.5.x

1.0, 1.1, 1.5.x

3925

1.5.x

1.5.x

1.5.x

1.5.x

1.5.2, or higher

1.5.2, or higher

3925E

1.5.2, or higher

1.5.2, or higher

1.5.2, or higher

1.5.2, or higher

1.5.2, or higher

3945

1.5.x

1.5.x

1.5.x

1.5.x

1.5.2, or higher

1.5.2, or higher

3945E

1.5.2, or higher

1.5.2, or higher

1.5.2, or higher

1.5.2, or higher

1.5.2, or higher

1 1.5.x = Cisco AXP 1.5.1 or higher


The abbreviated service module names used in Table 1 are expanded in Table 2.

Table 2 Cisco AXP Service Modules

Abbreviated Name
Full Name
Description

AIM2-104

AIM2-APPRE-104-K9

600MHz CPU, 512 MB

NME-302

NME-APPRE-302-K9

1GHz CPU, 512MB

NME-502

NME-APPRE-502-K9

1GHz CPU, 1GB

NME-522

NME-APPRE-522-K9

1.4GHz CPU, 2GB

ISM-300

ISM-SRE-300-K9

1.066 GHz, 512MB, 4GB eUSB

SM-700

SM-SRE-700-K9

1.066 GHz, 512MB, 4GB eUSB

SM-900

SM-SRE-900-K9

1.86GHz dual core CPU, 4 GB


Files in Cisco AXP 1.6.1

Files in Cisco AXP 1.6.1 are explained in the following sections:

Cisco AXP Product Files for Cisco SM SRE Service Modules

Cisco AXP Software Development Kit

Cisco AXP Product Files for Cisco SM SRE Service Modules

The compressed archive axp-k9.sme.1.6.1.tar.gz contains all package files associated with Cisco AXP for service modules such as SM-SRE-700-K9, SM-SRE-900-K9 (SM SRE service modules). The package files are shown in Table 3.

Table 3 Cisco AXP 1.6.1 Base Package for SM SRE: axp-k9.sme.1.6.1.tar.gz 

Filename
Purpose

axp-helper-k9.sme.1.6.1

Cisco AXP rescue helper image. Helps to install the application on Cisco SM SRE service modules when necessary.

axp-k9.sme.1.6.1.pkg

Main package for installing the Cisco AXP on Cisco SM SRE service modules.

axp-k9.sme.1.6.1.prt1

Package payload containing all data and executable files for a full installation of the Cisco AXP on Cisco SM SRE service modules.

axp-installer-k9.sme.1.6.1.prt1

Package payload containing all data and executable files for the installer subsystem associated with the Cisco AXP on Cisco SM SRE service modules.

axp-k9.sme.1.6.1.pkg.install.sre

Installer Tcl1 script.

axp-k9.sme.1.6.1.pkg.install.sre.header

Installer Tcl script header.

axp-k9.sme.1.6.1.key

SRE keyfile.

axp-timezone.sme.1.6.1.pkg

AXP Timezone package file.

axp-timezone.sme.1.6.1.prt1

AXP Timezone payload file. Contains required time zone definitions.

axp-app-dev.sme.1.6.1.pkg

Application Development add-on package file.

axp-app-dev.sme.1.6.1.prt1

Application Development add-on payload file.

1 Tcl = Tool Command Language


Cisco AXP Software Development Kit

Compressed archive axp-sdk.1.6.1.tar.gz contains the Cisco AXP Software Development Kit (SDK) tool for building third-party applications.

Upgrading and Downgrading to a New Software Release

For more information, see the "Installing and Upgrading Software" section of the relevant
Cisco AXP User Guide—see Configuration Guides.

Packaging an Application using 1.6.1 SDK

Clean Installing Cisco AXP 1.6.1

Upgrading from Cisco AXP 1.5.x to Cisco AXP 1.6.1

Upgrading from Cisco AXP 1.1.x to Cisco AXP 1.6.1

No Downgrading from Cisco AXP 1.6.1 to Cisco AXP 1.1.x

Clean Installing Cisco AXP 1.1.x on Cisco AXP 1.6

Packaging an Application using 1.6.1 SDK

Applications that are not packaged using 1.6 SDK will not run on AXP 1.6.1.

Clean Installing Cisco AXP 1.6.1

There are three options to clean install Cisco AXP 1.6.1 that include your application created using the AXP 1.6 SDK.

Note Applications that are not packaged using the AXP 1.6 SDK will not run on AXP 1.6.1.

Option 1

Step 1 Install Cisco AXP 1.6.1 through the Cisco IOS CLI:

For service modules only, make sure that all AXP 1.6.1 install files are located in the same FTP directory. Check that the files in Table 3 are present.

From the Cisco IOS command prompt, enter the command: 

service-module SM <slot>/0 install url ftp://<ftp server ip address>/<ftp server 
directory>/axp-k9.sme.1.6.1.pkg

You may be prompted to delete the existing AXP application that is already installed. Enter "yes" as the response: 

Delete the installed Application eXtension Platform (AXP) and proceed with new 
installation? [no]: yes

If you are installing on an SM-SRE-900-K9 module, you will be asked to select the Redundant Array of Inexpensive Hard Disks (RAID) type. Currently, two RAID modes are supported: RAID-1 and linear: 

Please select disk configuration (1 = RAID-1, 2 = linear):

Step 2 Install your application separately: 

software install package url ftp://<ftpserver>/application.pkg

Wait for the system to reboot.


Option 2

Step 1 Clean install Cisco AXP 1.6.1:

Make sure axp-k9.xxx.1.6.1.prt1, axp-installer-k9.xxx.1.6.1.prt1 and axp-timezone.xxx.1.6.1.prt1 are also in the same FTP directory as axp-k9.xxx.1.6.1.pkg. 

software install clean url ftp://<ftpserver>/axp-k9.xxx.1.6.1.pkg

Wait for the system to reboot.

Step 2 Install your application separately: 

software install package url ftp://<ftpserver>/application.pkg

Wait for the system to reboot.

Option 3

Step 1 Bundle your application with Cisco AXP 1.6.1.

Step 2 Clean install the resulting bundle package: 

software install clean url ftp://<ftpserver>/bundle.pkg

You can also use this command to install the bundle package: 

software install package url ftp://<ftpserver>/bundle.pkg

Wait for the system to reboot.

Upgrading from Cisco AXP 1.5.x to Cisco AXP 1.6.1

This procedure assumes you are upgrading from (AXP 1.5.x + application) to (AXP 1.6.1 + same application).

Step 1 Bundle your application with Cisco AXP 1.6.

Step 2 Upgrade to the bundle package: 

software install package url ftp://<ftpserver>/axp.k9.xxx.1.6.1.pkg

Wait for the system to reboot.

Upgrading from Cisco AXP 1.1.x to Cisco AXP 1.6.1

There are two methods to upgrade from Cisco AXP 1.1.x to Cisco AXP 1.6.1 and your application created by 1.6 SDK (applications that are not packaged using 1.6 SDK will not run on Cisco AXP 1.6.1):

Option1

Step 1 Upgrade AXP from 1.1.x to 1.6:

(Make sure axp-k9.xxx.1.5.3.prt1, axp-installer-k9.xxx.1.6.1.prt1 and axp-timezone.xxx.1.6.1.prt1 are also in the same FTP directory as axp-k9.xxx.1.6.1.pkg) 

software install package url ftp://<ftpserver>/axp-k9.xxx.1.6.1.pkg

Wait for the system to reboot. This will upgrade Cisco AXP from 1.1.x to 1.6.

Step 2 Install your application separately: 

software install package url ftp://<ftpserver>/application.pkg

Wait for the system to reboot. If the older version of the application exists on the system, this will upgrade the application to newer version. Otherwise, the application will be newly installed.

Option 2

This option assumes you are upgrading from (AXP 1.1.x + application) to (AXP 1.6 + same application).

Step 1 Bundle your application with Cisco AXP 1.6.

Step 2 Upgrade to the bundle package: 

software install package url ftp://<ftpserver>/bundle.pkg

Wait for the system to reboot.

No Downgrading from Cisco AXP 1.6.1 to Cisco AXP 1.1.x

Downgrade of Cisco AXP or your application from Cisco AXP 1.6.1 to Cisco AXP 1.1.x is not allowed. You must clean install Cisco AXP 1.1.x.

Clean Installing Cisco AXP 1.1.x on Cisco AXP 1.6

Before performing these steps, make sure the axp-k9.xxx.1.1.x.prt1 file is in the same FTP directory as the axp-k9.xxx.1.1.x.pkg file. To clean install Cisco AXP 1.1.x and your application created by 1.1.x SDK, perform the following steps:

Step 1 Clean install Cisco AXP 1.1.x: 

software install clean url ftp://<ftpserver>/axp-k9.xxx.1.1.x.pkg

Wait for the system to reboot.

Step 2 Install your application separately: 

software install add url ftp://<ftpserver>/application.pkg

Wait for the system to reboot.

One-step clean installation of a Cisco AXP 1.1.x bundle containing Cisco AXP 1.1.x and your application is not supported in Cisco AXP 1.6.1.

Determining the Cisco AXP Software Version

To determine the version of Cisco AXP software currently running on your Cisco AXP service module, log into the service module and enter the show software version EXEC command.

The following sample output from the show software version command indicates the version number on the first output line. 

Application eXtension Platform (AXP) version (1.6.1)

Technical Support: http://www.cisco.com/techsupport/ Copyright (c) 1986-2009 by Cisco 
Systems, Inc.

New and Changed Information

Ciscoworks LMS Supports Cisco AXP

CiscoWorks LMS 3.2 or higher supports AXP 1.6.1.

Ciscoworks LMS 4.0

http://www.cisco.com/en/US/products/ps11200/index.html

Ciscoworks LMS 3.2

Refer to CiscoWorks LMS Data Sheets.

New Software Features in Cisco AXP 1.6.1

1. Simple Network Management Protocol (SNMP)

System management using the SNMP version SNMPv2c is now supported. Standard Management Information Bases (MIBs) provide definitions of the information used by the SNMP commands. For more information, see the "System Management using SNMP and CDP" section of the AXP User Guide.

2. USB

USB devices matching the specified device classes in AXP are now supported. See the"Configuring USB Devices" section of the AXP User Guide. Additional support can be added via kernel modules. You can refer to the "Appendix 3: USB Devices" section of the AXP User Guide for more information.

3. Tempfs

The application /tmp directory can now be optionally mounted to the hard disk as well as to RAM, eliminating the previous default limitation of 16 MB when mounted to memory—tempfs. If memory usage is preferred and swap is turned on, the /tmp directory can be mounted to tempfs with the memory space to be utilized when specified at packaging time. See the "Application /tmp Directory" section of the AXP Developer Guide for more information.

Basic Safeguards for Securing the Cisco AXP Router/Blade

To improve the security of your system, we suggest the following actions:

Telneting to router IP addresses must always be protected via username and password. Common pairs such as cisco, cisco should be avoided.

Users that are allowed access to routers should be classified further by assigning privilege levels (0-15) that allow for limiting actions that can be performed. Privilege level 0 is most restrictive, and level 15 is least restrictive.

Following this safeguard ensures that users attempting a privileged CLI operation need to go through #enable mode and password authorization.

Remote access to service modules via SSH is disabled by default. When enabling SSH access via the ip ssh server command, ensure that the username sysadmin password command is also configured. There are also provisions to encrypt this password. For more information, see the
"Secure Shell Access to the Service Module" section of the "Configuring the Application Service Environment" chapter of the relevant Cisco AXP User Guide—see Configuration Guides.

Limitations and Restrictions

The following limitations may be experienced when using Cisco AXP 1.6:

Verification Failed Error Message

Failure of the eventapid Process

Verification Failed Error Message

During system bootup of service modules ISM-300, SM-700, or SM-900, a verification failed error message may be shown on the console. The error message includes a line such as: "Application level programs verification FAILED!". (Refer to the Example below.)

Report the error message to Cisco Developer Support.

The system bootup should complete normally.

Example

The number of files and checksum mismatches may be more than are shown in this example. 

Verifying application level programs

NOTE: Beta release build, please report any startup verification failures.

Errors for oscore_manifest:

       Checksum mismatch on : /etc/useradd

Application level programs verification FAILED!

Note The following two filenames are examples only: oscore_manifest (in the third line of the example), and etc/useradd (in the fourth line of the example).

Failure of the eventapid Process

The eventapid daemon process may crash. After an eventapid failure, the system automatically restarts the eventapid daemon process.

The failure of the eventapid process is more likely to occur when the event notifications are higher than one event per second. The failure can occur on any hardware platform used with Cisco AXP. For a list of service modules refer to Table 2. Evidence of the eventapid failure is shown in the messages.log.

The show cores command displays the core files on the screen.

The show log message.log command shows messages such as the following: 

Dec  9 19:49:59 localhost err_handler: 2009 Dec  9 19:49:59 GMT +0000: err_handler:    
INFO AXP_eventapi eventapid_startup.sh startup "eventapid starting"

Dec  9 19:49:59 localhost err_handler: 2009 Dec  9 19:49:59 GMT +0000: err_handler:    
INFO AXP_eventapi eventapid_startup.sh startup "eventapid started"

Dec  9 19:49:59 localhost err_handler: 2009 Dec  9 19:49:59 GMT +0000: err_handler:   
ERROR AXP_startup host_status_monitor monitor eventapid[3217] is dead, restart [0] 
attempted

The show processes command gives a list of AXP processes. If the command is issued shortly before the system automatically restarts the eventapid daemon, then the eventapid daemon process is shown as "dead". If the command is issued after the eventapid daemon has restarted, the health status for the daemon is shown as "alive".

Workaround

After the eventapid process crashes, previously registered events become inactive. When the eventapid process restarts the application must reregister the events.

To reregister the events after the eventapid restarts, use a connection handler callback procedure in the application.

A status of 1 indicates that the eventapid daemon is alive. A status of 0 indicates that the eventapid daemon is dead.

Within the callback procedure, use the register API to reregister the events. Use the set connection handler API to set up the connection monitor to use this callback procedure. See "Java Example 2" in the "Event API" section of the relevant Cisco AXP User Guide—see Configuration Guides.

Caveats

Open caveats for Cisco AXP 1.6.1 are described in the "Open Caveats for Cisco AXP 1.6.1" section.

Caveats describe unexpected behavior or defects in Cisco software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

To reach the Bug Toolkit, log in to Cisco.com and go to: http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl.  (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.) 

Open Caveats for Cisco AXP 1.6.1

The open caveat in Cisco AXP 1.6.1 is as follows:

CSCtc71725: Failure Message during an SRE Install

CSCtc71725: Failure Message during an SRE Install

Symptom    Occurs during an SRE install of Cisco AXP or CUE on an ISM-SRE-300-K9 service module that did not come with software pre-installed and contains a bootloader whose version is less than 2.1.22. The install initially fails and error message "corrupted Netboot Image detected" appears.

Conditions   The IP address and subnet mask of the service module as well as the TFTP server and gateway IP addresses are different in the bootloader compared to the configured settings in the Cisco ISR.

Workaround   Either a) Set the IP address and subnet mask correctly in the bootloader as well as the TFTP server and gateway IP addresses before issuing install CLI commands, or b) Let the install continue because the install succeeds on the second try, which is performed automatically by the SRE install command.

Related Documentation

The following sections describe the documentation available for the Cisco AXP and Cisco ISR's. Typically, these documents consist of hardware and software installation guides, Cisco IOS software configuration and command references, system error messages, feature modules, and other documents for  Cisco IOS Release.

Use these release notes with the documents listed in the following sections:

Software Documents

Platform-Specific Documents

Software Documents

Cisco AXP

The following documents are specific to the Cisco AXP. These documents can also be obtained from
the Support section of the following page: http://www.cisco.com/en/US/products/ps9701/index.html.

Cisco Application Extension Platform 1.6 Developer Guide

Cisco Application Extension Platform 1.6 User Guide

Cisco Application Extension Platform 1.6 Advanced Features Guide

Cisco Application Extension Platform 1.6 Command Reference

Open Source Software Licenses for Cisco AXP

CiscoWorks LMS

CiscoWorks LMS 3.2 or higher supports AXP 1.6.1.

Ciscoworks LMS 4.0

http://wwwin.cisco.com/nmtg/fieldportal/products/lms4/index.shtml.

Ciscoworks LMS 3.2

Refer to CiscoWorks LMS Data Sheets.

Platform-Specific Documents

Hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco ISR routers are available at:

Cisco Router Products

Cisco SRE Service Module Configuration and Installation Guide

Cisco 1900 Series Integrated Services Router Hardware Installation

Cisco 2800 Series Hardware Installation

Cisco 3900 Series and Cisco 2900 Series Hardware Installation Guide

Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software Configuration Guide

Software Activation on Cisco Integrated Services Routers and Cisco Integrated Service Routers G2

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation. This guide lists all new and revised Cisco technical documentation. You can also subscribe to the guide using an RSS feed.

Notices

The following notices pertain to this software license.

OpenSSL/Open SSL Project

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License:

Copyright © 1998-2007 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License:

Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".

The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2010, Cisco Systems, Inc. All rights reserved.