IJ27139: THE JAVA 8 IBM CERTPATH PROVIDER DOES NOT HONOR THE USER SPECIFIED SYSTEM PROPERTY FOR CRL CONNECT TIMEOUT.

APAR status

Closed as program error.

Error description

Error Message: N/A
.
Stack Trace: N/A
.
When a user explicitly specifies a CRL connect timeout value for
"http" CRL distribution points using the Java system property
-Dcom.ibm.security.crls.timeout=n,
the specified value is ignored and a default value of 15 seconds
is used instead.
That system property is ignored for "ldap" CRL distribution
points.
The user should be able set the connect timeout for both "http"
and "ldap" CRL distribution points using the
-Dcom.ibm.security.crls.timeout=n Java system property

Local fix

For "ldap" CRL distribution points, the user should be able to
work around this problem by specifying the environment variable
com.sun.jndi.ldap.connect.timeout

Problem summary

When a user explicitly specifies a CRL connect timeout value for
"http" CRL distribution points using the Java system property
-Dcom.ibm.security.crls.timeout=n,
the specified value is ignored and a default value of 15 seconds
is used instead.
That system property is ignored for "ldap" CRL distribution
points.
The user should be able set the connect timeout for both "http"
and "ldap" CRL distribution points using the
-Dcom.ibm.security.crls.timeout=n Java system property

Problem conclusion

Updates have been made to the Java 8 CertPath provider to
correctly handle the user specified connect timeout value for
both "http" and "ldap" CRL distribution points.
The jar affected by this apar is  ibmcertpathprovider.jar.
The associated Hursley RTC Problem Report is 144121.
The associated Austin Git issue is Issue#21 for CertPath.
The associated Austin APAR is APAR IJ26959.
JVMs affected include: Java 8.0.
The fix was delivered for  Java 8.0 sr6 fp25.



.
This APAR will be fixed in the following Java Releases:
   8    SR6 FP25  (8.0.6.25)
   7    SR10 FP75 (7.0.10.75)
   7 R1 SR4 FP75  (7.1.4.75)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
           https://www.ibm.com/developerworks/java/jdk/

Temporary fix

Comments

APAR Information

APAR number
IJ27139
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-08-19
Closed date
2020-08-20
Last modified date
2020-11-20

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
SECURITY
Fixed component ID
620700125

Applicable component levels

[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260"}]

Document Information

Modified date:
21 November 2020

Tips

IJ27139: THE JAVA 8 IBM CERTPATH PROVIDER DOES NOT HONOR THE USER SPECIFIED SYSTEM PROPERTY FOR CRL CONNECT TIMEOUT.

Subscribe to this APAR

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

Document Information

Share your feedback

Need support?