PM19056: DC ATTRIBUTE ENCODINGS AS IA5STRING AND PRINTABLESTRING
Closed as program error.
Error Message: While using the Java Security CertPath component to validate a certificate chain within which the Subject DN contains a "DC" attribute, the customer experiences a "certificate chaining error". . Stack Trace: N/A .
Some time ago, an error was discovered within the Java Security PKCS component where it would incorrectly DER encode the "DC" attribute of a distinguished name as a PrintableString. When this error was discovered, a fix was made to PKCS so that it would encode the "DC" attribute properly as an IA5String (refer to RFC 2253). Unfortunately, one or more IBM/Tivoli customers had already generated certificates which contained distinguished names with DC attributes encoded as PrintableString's. While trying to validate these older certificates with the Java Security CertPath component (and with the fix to PKCS above), these customers experienced a "certificate chaining error" because the updated PKCS component was trying to match a DC attribute encoded as an IA5String to one encoded as a PrintableString.
This defect will be fixed in: 1.4.2 SR13 FP8 5.0.0 SR12 6.0.0 SR9 . A fix has been made to the Java Security PKCS component which enables it to tolerate a "DC" attribute encoded as a PrintableString when it is comparing the attribute value pairs of a distinguished name. . To obtain the fix: Install build 20100918 or later
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels