IZ45677: THE CERTPATH CLASS WHICH IMPLEMENTS LDAPCERTSTORES MAY RECEIVE A CONNECTIONEXCEPTION FROM JNDI WHEN GETTING DATA FROM LDAP SERVER

APAR status

  • Closed as program error.

Error description

  • Component: Tivoli Java Security CERTPATH
    
    Problem Description:
    The CertPath class which implements LDAPCertStores
    (LDAPCertStoreImpl.jar) may receive a ConnectionException from
    JNDI when it attempts to get data from the LDAP server, possibly
    because the LDAP server has dropped the connection due to
    inactivity.
    
    JVM affected:
    1.4.2, 5.0, and 6.0
    
    JARs affected:
    ibmcertpathprovider.jar
    
    Fix needed:
    The fix should enable LDAPCertStoreImpl to try to re-establish
    the connection when this exception is received.
    

Local fix

  • Level 3 to update
    

Problem summary

  • WebSphere was using JSSE for SSL, which in turn uses CertPath
    for certificate validation.
    
    While trying to retrieve a CRL from an LDAP server,
    the CertPath LDAPCertStoreImpl class was experiencing
    a CommunicationException while performing a getAttributes()
    call using its JNDI DirContext object.
    
    This CommunicationException was thrown by JNDI apparently
    because the LDAP server had dropped the connection due to
    inactivity. The LDAPCertStoreImpl logic expected that it would
    be able to use its JNDI DirContext object forever, and that
    JNDI would take care to re-establish communication with the
    LDAP server if the link connection were ever to drop.
    
    This argument was presented to JNDI developers.
    After some study, they asserted that it is
    the application's responsibility to re-establish the link
    connection (even though there is no awareness of a link
    connection by the application that holds the DirContext
    object).
    
    This APAR is being used to update the LDAPCertStoreImpl class,
    to enable it to re-establish the connection with the LDAP server
    (that is, re-create its DirContext object), whenever the
    getAttributes() call fails because of a CommunicationException.
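
The reconnect behaviour described in this summary, sketched as an added example; it is not IBM's LDAPCertStoreImpl code. The class name `ReconnectingLdapReader`, the factory parameter, and the proxy-based fake context in `main` are hypothetical and constructed so the example runs without an LDAP server.

```java
import java.lang.reflect.Proxy;
import java.util.concurrent.Callable;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;

/** Hypothetical wrapper: re-creates its DirContext once when getAttributes() hits a dropped link. */
public class ReconnectingLdapReader {
    private final Callable<DirContext> factory; // in production: () -> new InitialDirContext(env)
    private DirContext ctx;

    public ReconnectingLdapReader(Callable<DirContext> factory) { this.factory = factory; }

    public synchronized Attributes getAttributes(String dn, String[] attrIds) throws Exception {
        if (ctx == null) ctx = factory.call();
        try {
            return ctx.getAttributes(dn, attrIds);
        } catch (CommunicationException dropped) {
            // The server closed the idle connection: discard the stale context and retry once.
            try { ctx.close(); } catch (NamingException ignored) { }
            ctx = factory.call();
            // A second failure propagates, so the caller sees that the CRL could not be fetched.
            return ctx.getAttributes(dn, attrIds);
        }
    }

    // Constructed offline demo: the first context simulates an idle-timeout drop.
    public static void main(String[] args) throws Exception {
        int[] created = {0};
        Callable<DirContext> fake = () -> {
            boolean stale = created[0]++ == 0;
            return (DirContext) Proxy.newProxyInstance(
                ReconnectingLdapReader.class.getClassLoader(),
                new Class<?>[] {DirContext.class},
                (proxy, method, a) -> {
                    if (!method.getName().equals("getAttributes")) return null; // close()
                    if (stale) throw new CommunicationException("connection closed");
                    return new BasicAttributes("certificateRevocationList;binary", new byte[] {0x30});
                });
        };
        ReconnectingLdapReader reader = new ReconnectingLdapReader(fake);
        Attributes attrs = reader.getAttributes("cn=Example CA,o=example", // constructed DN
                new String[] {"certificateRevocationList;binary"});
        System.out.println(attrs.size() + " attribute(s), contexts created: " + created[0]);
    }
}
```

The retry is limited to one attempt so that an unreachable directory surfaces as an error to the certificate validation code instead of looping.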
    

Problem conclusion

  • This problem will be repaired in 1.4.2 SR13, 5.0 SR10 and 6.0
    SR5 under Austin CMVC defect 106480 (Hursley defect 147204).
    The build level for all releases is 20090302
    ibmcertpathprovider.jar
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ45677

  • Reported component name

    TIV JAVA CERT P

  • Reported component ID

    TIVSECJCP

  • Reported release

    100

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2009-03-11

  • Closed date

    2009-03-11

  • Last modified date

    2009-03-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    PK82368

Fix information

  • Fixed component name

    TIV JAVA CERT P

  • Fixed component ID

    TIVSECJCP

Applicable component levels

  • R100 PSY

       UP



Document information


More support for:

Tivoli Components - Java Security

Software version:

100

Reference #:

IZ45677

Modified date:

2009-03-11
