PH50046: DEFINE SVRCONN CHANNEL WITH THE CERTLABL ATTRIBUTE DOES NOT PROPAGATE THE CERTIFICATE CACHE IF USING THE LIKE PARAMETER

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• When a channel is defined to be LIKE another channel and
  inherits its CERTLABL attribute without being explicitly set by
  the DEFINE command then we do not correctly recognize that the
  certificate label cache needs to be updated.
  
  This forces the customer to issue a  "Refresh Security
  Type(ssl)" command to get the cache in sync.
  

Local fix

• Define the channel without using the LIKE parameter (all other
  parameters would need to be provided), or after creating the
  channel, if you use the ALTER CHL command to reset the CERTLABL
  attribute then this should force a rebuild of the label cache.
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: All users of IBM MQ for z/OS Version 9       *
  *                 Release 2 Modification 0 and Release 3       *
  *                 Modification 0.                              *
  ****************************************************************
  * PROBLEM DESCRIPTION: When creating a new channel with a      *
  *                      CERTLABL attribute to use a non-default *
  *                      SSL certificate, the CERTLABL is being  *
  *                      ignored if the channel has been defined *
  *                      using the LIKE parameter unless a       *
  *                      "Refresh Security Type(SSL)" command is *
  *                      issued.                                 *
  ****************************************************************
  The code which handles the defining of a new channel using the
  LIKE parameter was not informing the channel initiator that the
  CERTLABL attribute needed to be applied to the new channel.
  Therefore the new channel was not being added to the
  cache of channel names and their respective CERTLABL names.
  

Problem conclusion

• The code has been changed to inform the channel initiator that
  the CERTLABL attribute needs to be applied to the new channel.
  As a result, the cache is being correctly updated and the
  CERTLABL on the new channel is not being ignored so a "Refresh
  Security Type(SSL)" command is not required.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI91031 UI91032

Modules/Macros

• CSQMCNAC
  

Fix information

• Fixed component name

  IBM MQ Z/OS V9

• Fixed component ID

  5655MQ900

Applicable component levels

• R200 PSY UI91032

     UP23/04/07 P F304

• R300 PSY UI91031

     UP23/04/07 P F304

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.