APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: N/A . 1. Customer is unable to work with their kdb file with either ikeyman or gsk7cmd. Both forms produce an error like the following: Error Code: 23 Exception: com.ibm.gsk.ikeyman.error.KeyManagerException: java.security.KeyStoreException: java.lang.NullPointerException 2. Elliptic Curve Certificate not supproted. 3. capicmd and ikeyman guides do not say that the output from '-cert -details' shows extensions. 4. AppScan CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal). 5. Appscan finding: CWE-327: Use of a Broken or Risky Cryptographic Algorithm.
Local fix
Problem summary
For #1: There are a pair of NON-UTF8 quotation marks "" in the labels which cause the NullPointerException. So the fix here is to correct the label names to ONLY UTF-8 chars or simply just remove the NON-UTF8 quotation marks from the labels. For #2: Added Elliptic Curve Certificate support For #3: Modified the doc accordingly. For #4: Fixed the finding. For #5: Fixed the finding.
Problem conclusion
This APAR will be fixed in the following Java Releases: 7 R1 SR1 (7.1.1.0) 7 SR7 (7.0.7.0) 6 R1 SR8 (6.1.8.0) 6 SR16 (6.0.16.0) . All Fixed.
Temporary fix
Comments
APAR Information
APAR number
IV54486
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-01-23
Closed date
2014-01-28
Last modified date
2014-04-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020