IBM Support

IV49976: OCSP REVOCATION CHECKING BROKEN FOR CERTPATH IN JAVA 8.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • Error Message: An update to the CertPath security component had
    been made for Java 8 which redefined the way that all of the
    OCSP security properties were read.  This update assumed that
    those properties were "Java system properties", not "Java
    security properties".  For that reason, CertPath was not
    successfully reading these properties, and, therefore, could not
    enable OCSP revocation checking.
    .
    Stack Trace: N/A
    .
    

Local fix

Problem summary

  • An update to the CertPath security component had been made for
    Java 8 which redefined the way that all of the OCSP security
    properties were read.  This update assumed that those properties
    were "Java system properties", not "Java security properties".
    For that reason, CertPath was not successfully reading these
    properties, and, therefore, could not enable OCSP revocation
    checking.
    

Problem conclusion

  • This defect will be fixed in:
    6.0.0 SR15
    6.0.1 SR7
    7.0.0 SR6
    .
    The CertPath security component was updated to read its OCSP
    properties as "Java security properties", not "Java system
    properties".
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV49976

  • Reported component name

    SECURITY

  • Reported component ID

    620700125

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-09-24

  • Closed date

    2013-09-24

  • Last modified date

    2013-09-24

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SECURITY

  • Fixed component ID

    620700125

Applicable component levels

  • R600 PSY

       UP

  • R260 PSY

       UP



Document information

More support for: Runtimes for Java Technology
Security

Software version: 6.0

Reference #: IV49976

Modified date: 24 September 2013