IV01545: CLIENT THROWS THE 'HTTPS HOSTNAME WRONG' MESSAGE INTERMITTENTLY

APAR status

• Closed as program error.

Error description

• Error Message: Customer reports that when they use their
  application to connect to a backend repository via SSL they are
  receiving intermittently the error below.
  IQQG0020E java.io.IOException: HTTPS hostname wrong:  should be
  <r1pvwmwb01.rb.win.frb.org>
        java.lang.Throwable.%3Cinit%3E(Throwable.java:67)
        com.ibm.net.ssl.www2.protocol.https.c.b(c.java:107)
  
  com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:117)
        com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:39)
        com.ibm.net.ssl.www2.protocol.https.b.connect(b.java:83)
  .
  Stack Trace: N/A
  .
  

Local fix

Problem summary

• Internally the Java Security DerValue class stores its
  der-encoded data within a DerInputStream object.
  Various DerValue methods read the contents of this
  DerInputStream to extract that data and perform their
  processing.  When multiple threads are simultaneously accessing
  these DerValue methods, serialized access to the
  DerInputStream is required. Otherwise the current read position
  in the stream can be unexpectedly modified for
  thread A by thread B.  Within most DerValue methods, that
  serialization logic was already present.  Within one
  method it was missing.
  

Problem conclusion

• This defect will be fixed in:
  1.4.2 SR14
  5.0.0 SR13
  6.0.0 SR10
  .
  The missing serialization logic was added.
  .
  To obtain the fix:
  Install build 20110609 or later
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

  PM40925

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  JAVA 5 SECURITY

• Fixed component ID

  620500125

Applicable component levels

• R500 PSY

     UP