Description: In z/OS® V1R13, and earlier releases of System SSL, SAF key ring validation was designed to stop full validation at the first CA trust anchor in the SAF key ring. This support gives the capability to the application to indicate that certificate validation using SAF key rings must be performed up to and including the root CA certificate.
The certificate management API, gsk_validate_certificate_mode(), is enhanced to accept a new optional parameter to indicate full validation. The SSL/TLS APIs for setting and getting environment attributes are also enhanced to support a new attribute type (GSK_CERT_VALIDATE_KEYRING_ROOT) and two new enumeration values (GSK_CERT_VALIDATE_KEYRING_ROOT_ON and GSK_CERT_VALIDATE_KEYRING_ROOT_OFF) to indicate full or partial validation.
When change was introduced: z/OS V2R1