A fix is available
APAR status
Closed as program error.
Error description
The z/VSE Connector Client does not correctly handle intermediate CA certificates when it validates peer certificates during SSL/TLS handshake. This might cause SSL/TLS connections to be rejected when the peer certificate is signed by an intermediate CA certificate, even though the intermediate CA certificate is contained in the keyring used by the VSE Connector Client.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All z/VSE Connector Client Users * **************************************************************** * PROBLEM DESCRIPTION: The z/VSE Connector Client does not * * correctly handle intermediate CA * * certificates when it validates peer * * certificates during SSL/TLS handshake. * * This might cause SSL/TLS connections to * * be rejected when the peer certificate * * is signed by an intermediate CA * * certificate, even though the * * intermediate CA certificate is * * contained in the keyring used by the * * VSE Connector Client. * **************************************************************** * RECOMMENDATION: Install this PTF * **************************************************************** The z/VSE Connector Client does not correctly handle intermediate CA certificates when it validates peer certificates during SSL/TLS handshake. This might cause SSL/TLS connections to be rejected when the peer certificate is signed by an intermediate CA certificate, even though the intermediate CA certificate is contained in the keyring used by the VSE Connector Client.
Problem conclusion
The VSE Connector Client code has been changed to accept peer certificates signed by an intermediate CA certificate in addition to peer certificates signed by a self-signed root certificate.
Temporary fix
Comments
APAR Information
APAR number
PH08671
Reported component name
VSE CONN. WS CO
Reported component ID
5686VS638
Reported release
62P
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-02-18
Closed date
2019-02-19
Last modified date
2019-03-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI61366
Modules/Macros
IESINCON
Fix information
Fixed component name
VSE CONN. WS CO
Fixed component ID
5686VS638
Applicable component levels
R62P PSY UI61366
UP19/03/15 I 1000
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG32M","label":"APARs - VSE\/ESA environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"62P","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
15 March 2019