IBM Support

IT19081: SSL HOSTNAME CHECKING FAILURE WHEN SUBJECT-ALTS HAVE A MATCHING VALUE.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When one of the subject alternative name values matches to the
    hostname in SOAPRequest/HTTPRequest node, the node may still
    throw error:
    
    BIP3165 An error occurred whilst performing an SSL socket
    operation Operation: 'connect'.
    Error Text: 'javax.net.ssl.SSLPeerUnverifiedException: SSL Peer
    certificate did not match host name'.
    

Local fix

  • NA
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    All users of WebSphere Message Broker and IBM Integration Bus
    using HTTPRequest or SOAPRequest node with SSL certificate
    hostname checking enabled.
    
    
    Platforms affected:
    z/OS, MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    Even when one of the subject alternative name values of the SSL
    certificate matches to the hostname in SOAPRequest/HTTPRequest
    node, the node may still throw error:
    
    BIP3165 An error occurred whilst performing an SSL socket
    operation Operation: 'connect'.
    Error Text: 'javax.net.ssl.SSLPeerUnverifiedException: SSL Peer
    certificate did not match host name'.
    
    
    There are a number of resource name changes between WebSphere
    Message Broker and IBM Integration Bus Version 9.0.  For details
    visit
    http://pic.dhe.ibm.com/infocenter/wmbhelp/v9r0m0/topic/com.ibm.e
    tools.mft.doc/bb23814_.htm
    

Problem conclusion

  • The HTTPRequest/SOAPRequest nodes no longer throw exceptions
    when hostname matches to one of the subject alternative names of
    the SSL certificate.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v10.0      10.0.0.7
    v8.0       8.0.0.9
    v9.0       9.0.0.8
    
    The latest available maintenance can be obtained from:
    http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041
    
    If the maintenance level is not yet available,information on
    its planned availability can be found on:
    http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT19081

  • Reported component name

    WEB MESSAGE BRO

  • Reported component ID

    5724J0520

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-02-02

  • Closed date

    2017-06-09

  • Last modified date

    2017-06-09

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEB MESSAGE BRO

  • Fixed component ID

    5724J0520

Applicable component levels

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSKM8N","label":"WebSphere Message Broker"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
09 June 2017