A fix is available
APAR status
Closed as program error.
Error description
Webservice security is being used and the private key is defined via PCICC using RSA instead of ICSF as normally seen. . The failing call is: XSECKeyInfoResolverZos::resolvePrivateKey resulting in a call to the security manager via IRRSDL00. Trace shows SAF 00000008,0000000 ESM 00000008,00000030. Eyecatcher shows: XSECKeyInfoResolverZos::resolvePrivateKey - An output area is not long enough. One or more of the following input length fields were too small: Certificate_length, Private_key_length, or Subjects_DN_length. The length field(s) returned, contain the ammount of storage needed for the service to successfully return . SAF trace to GTF shows the first call to R_datalib is for DataGetFirst. Upon return from this call the RCs are 8,8,30x and RACF has changed the Certificate_length from x'400' to x'530'. . There appears to be a need for a follow-up call for function DataAbortQuery but this is not being done. Additional Symptom(s) Search Keyword(s): XSECKey InfoResolver Zos resolve PrivateKey KIXREVSCB
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS Users * **************************************************************** * PROBLEM DESCRIPTION: Certificate length error when using * * Web Services Security. * **************************************************************** * RECOMMENDATION: * **************************************************************** A SOAP FAULT is issued when using Web Services Security with the following XSECException information appearing in the trace: "XSECKeyInfoResolverZos::resolvePrivateKey - An output area is not long enough. One or more of the following input length fields were too small: Certificate_length, Private_key_length, or Subjects_DN_length. The length field(s) returned contain the amount of storage needed for the service to successfully return data." This problem has occurred because the X509 certificate (in DER form) is larger than the buffer CICS provided to process it.
Problem conclusion
Web Services Security support has been altered to increase its buffer sizes to handle larger certificates. The CICS Transaction Server for z/OS Version 3 Release 1, Web Services Guide (SC34-6458-06) will be updated as follows: In Chapter 14 "Support for Web Services Security", under the "Prerequisites" section, change all references to version 1.7 of the XML toolkit to version 1.9. . Also remove both the reference to hlq.SCLBDLL in point 4 of the Prerequisites section, and the subsequent description of its use: "IOSTREAM is provided by the C++ runtime and is found in hlq.SCLBDLL;"
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
**** PE09/08/03 PTF IN ERROR. SEE APAR PK86494 FOR DESCRIPTION **** PE09/12/03 FIX IN ERROR. SEE APAR PK97657 FOR DESCRIPTION
APAR Information
APAR number
PK65352
Reported component name
CICSTS V3 Z/OS
Reported component ID
5655M1500
Reported release
400
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-04-30
Closed date
2008-10-24
Last modified date
2009-12-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK41028 UK41029
Modules/Macros
DFHWSSE1 DFHWS002 DFHWS003 DFHWS004 DFHWS005 DFHWS006 DFHWS007 DFHWS008 DFHWS009 DFHWS010 DFHWS011 DFHWS012 DFHWS013 DFHWS014 DFHWS015 DFHWS016 DFHWS017 DFHWS018 DFHWS019 DFHWS020 DFHWS021 DFHWS022 DFHWS023 DFHWS024 DFHWS025 DFHWS026 DFHWS027 DFHWS028 DFHWS029 DFHWS030 DFHWS031 DFHWS032 DFHWS033 DFHWS034 DFHWS035 DFHWS036 DFHWS037 DFHWS038 DFHWS039 DFHWS040 DFHWS041 DFHWS042 DFHWS043 DFHWS044 DFHWS045 DFHWS046 DFHWS047 DFHWS048 DFHWS049 DFHWS050 DFHWS051 DFHWS052 DFHWS053 DFHWS054 DFHWS055 DFHWS056 DFHWS057 DFHWS058 DFHWS059 DFHWS060 DFHWS061 DFHWS062 DFHWS063 DFHWS064 DFHWS065 DFHWS066 DFHWS067 DFHWS068 DFHWS069 DFHWS070 DFHWS071 DFHWS072 DFHWS073 DFHWS074 DFHWS075 DFHWS076 DFHWS077 DFHWS078 DFHWS079 DFHWS080 DFHWS081 DFHWS082 DFHWS083 DFHWS084 DFHWS085 DFHWS086 DFHWS087 DFHWS088 DFHWS089 DFHWS090 DFHWS091 DFHWS092 DFHWS093 DFHWS094 DFHWS122 DFHWS123 DFHXUCAN DFHXUSUB
SC34645806 |
Fix information
Fixed component name
CICSTS V3 Z/OS
Fixed component ID
5655M1500
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
15 December 2009