IJ04910: WHILE USING LDAP CRL, THE CRL DISTRIBUTION POINT TIMEOUT VALUE IS IGNORED.
Closed as program error.
Error Message: Some certificates use LDAP CRL endpoint for certificate revocation status validation. When the CRL endpoint is not reachable, a Java thread that performs the CRL validation waits until the underlying network times out, resulting in slow response from the LDAP server. Setting com.sun.jndi.ldap.connect.timeout environment variable and com.ibm.security.crls.timeout system property settings do not have an impact since these values are ignored by the IBM SDK. . Stack Trace: N/A . The issue could result in a slow LDAP server response when LDAP server is not reachable.
Disable real-time CRL end points checking if the underlying network timeout value degrades the LDAP server?s response.
While using LDAP CRL, CRL Distribution Point timeout value is ignored.
A change is made to the IBM Certification Path Provider The associated Hursley RTC Problem Report is 137442 The associated Austin CMVC defect is 117811 JVMs affected: Java 7.0, Java 727 and Java 8.0 The fix was delivered for Java 7.0 SR10FP25, Java 727 SR4FP25, and Java 8 SR5FP15 The affected jar is "ibmcertpathprovider.jar" The build level of this jar for the affected releases is "20180307" The JVM has been updated to respond to time out values set by the user while using LDAP Distribution Point for checking Certificate revocation status. A timeout value is set before establishing a connection with LDAP server that is being used as. a CRL Distribution Point. The timeout value is determined as follows: The SDK first uses the environment property com.sun.jndi.ldap.connect.timeout. If the environment variable is not set, the SDK uses the com.ibm.security.crls.timeout system property. If the both the environment variable and the system property are not set, then the SDK uses a default timeout value of 15 seconds. . This APAR will be fixed in the following Java Releases: 8 SR5 FP15 (188.8.131.52) 7 R1 SR4 FP25 (184.108.40.206) 7 SR10 FP25 (220.127.116.11) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Reported component name
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID