APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: N/A .
Local fix
Problem summary
JDK 8 is building the wrong certificate chain. It seems to rely on the Subject attribute for certificate validation instead of using Authority Key Identifier (AKI) and Subject Key Identifier (SKI) to build the certificate path. The problem does not happen with JDK 7.
Problem conclusion
Added PKCS12 Keystore Issuer Subject key ID checking to cert chain processing. The associated Hursley RTC Problem Report is: 142093 The associated Austin Git issue is: IBMJCE Issue#44 The fix was delivered for Java 8 SR6 The associated JAR file is ibmjceprovider.jar, build level 20190814 . This APAR will be fixed in the following Java Releases: 8 SR6 (8.0.6.0) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IJ18349
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-08-14
Closed date
2019-09-05
Last modified date
2019-11-12
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020