APAR status
Closed as program error.
Error description
If X.509 subject (subject distinguished name) value in the certificate contains only CN(Common Name) or CN comes at the end of X.509 subject value, then a StringIndexOutOfBoundsException occurs during hostnamechecking of SSL connection. For example, DNs like "CN=myhostname.com" or "OU=myorg,C=mycountry,CN=myhostname.com" can cause StringIndexOutOfBoundsException.
Local fix
Uncheck the 'SSL certificate host name checking' option in the SOAPRequest/HTTPRequest node
Problem summary
**************************************************************** USERS AFFECTED: All users of WebSphere Message Broker and IBM Integration Bus using the HTTPRequest or SOAPRequest nodes with SSL certificate hostname checking enabled. Platforms affected: z/OS, MultiPlatform **************************************************************** PROBLEM DESCRIPTION: If X.509 subject (subject distinguished name) value in the certificate contains only CN(Common Name) or CN comes at the end of X.509 subject value, then a StringIndexOutOfBoundsException occurs during hostnamechecking of SSL connection. For example, DNs like "CN=myhostname.com" or "OU=myorg,C=mycountry,CN=myhostname.com" can cause StringIndexOutOfBoundsException. There are a number of resource name changes between WebSphere Message Broker and IBM Integration Bus Version 9.0. For details visit http://pic.dhe.ibm.com/infocenter/wmbhelp/v9r0m0/topic/com.ibm.e tools.mft.doc/bb23814_.htm
Problem conclusion
The product now correctly performs hostname checking during SSL connection creation. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v10.0 10.0.0.9 v8.0 8.0.0.9 v9.0 9.0.0.8 The latest available maintenance can be obtained from: http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041 If the maintenance level is not yet available,information on its planned availability can be found on: http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT19028
Reported component name
WEB MESSAGE BRO
Reported component ID
5724J0520
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-01-30
Closed date
2017-05-25
Last modified date
2017-05-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEB MESSAGE BRO
Fixed component ID
5724J0520
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSKM8N","label":"WebSphere Message Broker"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
25 May 2017