IZ43907: IBM JSSE2 CLIENT THROWS FATAL ALERT (DESCRIPTION = INTERNAL_ERROR) WHEN ENCOUNTERING SERVER CERT NOT TRUSTED.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • IBM JDK 160 SR3
    
    IBM JSSE2 component
    
    Description:  When custom TrustMananager is used and the
    handshake does not succeed due to certificate_unknown (per SSL
    protocol), a  fatal, description = internal_error may result
    instead of fatal, description = certificate_unknown.
    
    JVM affected:  1.4.2, 1.5.0, 1.6.0
    jar affected:  ibmjsseprovider2.jar
    

Local fix

  • Level 3 to update
    

Problem summary

  • When custom TrustMananager is used and the handshake does not
    succeed due to certificate_unknown
                      (per SSL protocol), a  fatal, description =
    internal_error will result instead of fatal,
                      description = certificate_unknown when custom
    TrustManager throws CertificateException
                      without setting a message.
    

Problem conclusion

  • Handle null message from CertificateException.
    
    Workaround: Have custom trustManager set message when
    CertificateException is thrown.
    
    The problem is fixed using in the
                            IBMJSSEProvider2.jar dated 20090216 -
    JVM 1.4.2 sr14
                            IBMJSSEProvider2.jar dated 20090218 -
    JVM 1.5.0 sr10
                            IBMJSSEProvider2.jar dated 20090216 -
    JVM 1.6.0 sr5
    
    Hursley Defect 146771
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ43907

  • Reported component name

    JAVA SECURE SOC

  • Reported component ID

    TIVSECJSS

  • Reported release

    100

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2009-02-16

  • Closed date

    2009-02-20

  • Last modified date

    2009-02-20

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA SECURE SOC

  • Fixed component ID

    TIVSECJSS

Applicable component levels

  • R100 PSY

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Tivoli Components - Java Security
JSSE

Software version:

100

Reference #:

IZ43907

Modified date:

2009-02-20

Translate my page

Machine Translation

Content navigation