APAR status
Closed as program error.
Error description
Error Message: While using the Java Security CertPath component to validate a certificate chain within which the Subject DN contains a "DC" attribute, the customer experiences a "certificate chaining error". . Stack Trace: N/A .
Local fix
Problem summary
Some time ago, an error was discovered within the Java Security PKCS component where it would incorrectly DER encode the "DC" attribute of a distinguished name as a PrintableString. When this error was discovered, a fix was made to PKCS so that it would encode the "DC" attribute properly as an IA5String (refer to RFC 2253). Unfortunately, one or more IBM/Tivoli customers had already generated certificates which contained distinguished names with DC attributes encoded as PrintableString's. While trying to validate these older certificates with the Java Security CertPath component (and with the fix to PKCS above), these customers experienced a "certificate chaining error" because the updated PKCS component was trying to match a DC attribute encoded as an IA5String to one encoded as a PrintableString.
Problem conclusion
This defect will be fixed in: 1.4.2 SR14 5.0.0 SR12 6.0.0 SR9 . A fix has been made to the Java Security PKCS component which enables it to tolerate a "DC" attribute encoded as a PrintableString when it is comparing the attribute value pairs of a distinguished name. . To obtain the fix: Install build 20100918 or later
Temporary fix
Comments
APAR Information
APAR number
IZ80890
Reported component name
SECURITY
Reported component ID
620700125
Reported release
600
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-07-23
Closed date
2010-09-17
Last modified date
2010-09-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R600 PSN
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020