IZ45677: THE CERTPATH CLASS WHICH IMPLEMENTS LDAPCERTSTORES MAY RECEIVE A CONNECTIONEXCEPTION FROM JNDI WHEN GETTING DATA FROM LDAP SERVER
Closed as program error.
Component: Tivoli Java Security CERTPATH
Problem Description: The CertPath class which implements LDAPCertStores (LDAPCertStoreImpl.jar) may receive a ConnectionException from JNDI when it attempts to get data from the LDAP server, possibly because the LDAP server has dropped the connection due to inactivity.
JVM affected: 1.4.2, 5.0, and 6.0
JARs affected: ibmcertpathprovider.jar
Fix needed: The fix should enable LDAPCertStoreImpl to try to re-establish the connection when this exception is received.
Level 3 to update
WebSphere was using JSSE for SSL, which in turn uses CertPath for certificate validation. While trying to retrieve a CRL from an LDAP server, the CertPath LDAPCertStoreImpl class was experiencing a CommunicationException while performing a getAttributes() call using its JNDI DirContext object. This CommunicationException was thrown by JNDI apparently because the LDAP server had dropped the connection due to inactivity.
The LDAPCertStoreImpl logic expected that it would be able to use its JNDI DirContext object forever, and that JNDI would take care to re-establish communication with the LDAP server if the link connection were ever to drop. This argument was presented to JNDI developers. After some study, they asserted that it is the application's responsibility to re-establish the link connection (even though there is no awareness of a link connection by the application that holds the DirContext object).
This APAR is being used to update the LDAPCertStoreImpl class, to enable it to re-establish the connection with the LDAP server (that is, re-create its DirContext object), whenever the getAttributes() call fails because of a CommunicationException.
This problem will be repaired in 1.4.2 SR13, 5.0 SR10 and 6.0 SR5 under Austin CMVC defect 106480 (Hursley defect 147204). The build level for all releases is 20090302 (ibmcertpathprovider.jar).
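The re-create-on-CommunicationException behaviour described above, shown as an added example; it is not IBM's LDAPCertStoreImpl code. The class name `ReconnectingFetcher`, the `ContextFactory` interface, the stub context and the sample DN are hypothetical, and the syntax assumes Java 8 or later.

```java
import java.lang.reflect.Proxy;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;

// Added example (hypothetical names): holds a DirContext and rebuilds it once when the link has dropped.
public class ReconnectingFetcher {
    /** Creates a fresh context; against a real server this would return new InitialDirContext(env). */
    public interface ContextFactory { DirContext connect() throws NamingException; }

    private final ContextFactory factory;
    private DirContext ctx;

    public ReconnectingFetcher(ContextFactory factory) { this.factory = factory; }

    public synchronized Attributes fetch(String dn, String[] attrIds) throws NamingException {
        if (ctx == null) ctx = factory.connect();
        try {
            return ctx.getAttributes(dn, attrIds);
        } catch (CommunicationException dropped) {
            // The server closed the idle connection. JNDI does not reconnect for us,
            // so discard the stale context, create a new one and retry exactly once.
            try { ctx.close(); } catch (NamingException ignored) { }
            ctx = null; // if connect() fails, the next call starts clean
            ctx = factory.connect();
            return ctx.getAttributes(dn, attrIds); // a second failure propagates to the caller
        }
    }

    // Constructed stub standing in for an LDAP connection; a stale one fails like a dropped link.
    static DirContext stub(boolean stale) {
        return (DirContext) Proxy.newProxyInstance(ReconnectingFetcher.class.getClassLoader(),
            new Class<?>[] { DirContext.class }, (proxy, method, args) -> {
                if (!method.getName().equals("getAttributes")) return null; // close() and others
                if (stale) throw new CommunicationException("connection closed");
                return new BasicAttributes("certificateRevocationList;binary", new byte[] { 0x30 });
            });
    }

    public static void main(String[] argv) throws NamingException {
        int[] connects = { 0 }; // the first context handed out is stale, later ones are healthy
        ReconnectingFetcher fetcher = new ReconnectingFetcher(() -> stub(connects[0]++ == 0));
        String[] ids = { "certificateRevocationList;binary" };
        Attributes result = fetcher.fetch("cn=Example CA,o=Example", ids); // constructed DN
        System.out.println("connects=" + connects[0] + " attributes=" + result.size());
    }
}
```

Because the retry is bounded to one attempt, a server that is really unreachable still surfaces as a NamingException, leaving the decision about a missing CRL to the caller's revocation policy.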
Reported component name
TIV JAVA CERT P
Fixed component name
TIV JAVA CERT P
More support for:
Tivoli Components - Java Security
Software version: 100
Reference #: IZ45677
Modified date: 11 March 2009