APAR status
Closed as new function.
Error description
Connecting through the ACE Toolkit to an integration node that has SSL enabled and a proper TLS certificate works as expected when the address used is listed in the SAN field of the certificate. However, when a different address (such as an IP address) that is not in the SAN field of the certificate is used to connect to this node, the connection still works without a warning. The ACE Toolkit does not warn that the certificate presented by the SSL server is not for the address called.
Local fix
Problem summary
****************************************************************
USERS AFFECTED:
All users of App Connect Enterprise V12 who enable hostname checking in the toolkit when connecting to an integration node by setting the JVM system property com.ibm.iapi.hostcheck in the eclipse.ini file.
Platforms affected:
MultiPlatform
****************************************************************
PROBLEM DESCRIPTION:
Connecting through the ACE Toolkit to an integration node that has SSL enabled and a proper TLS certificate works as expected when the address used is listed in the SAN field of the certificate. However, when a different address (for example, an IP address) that is not in the SAN field of the certificate is used to connect to the integration node, the connection still works without a warning. The ACE Toolkit does not warn that the certificate presented by the SSL server is not for the address called.
Problem conclusion
The product has been modified such that hostname checking is enabled in the toolkit. When a user tries to connect to an integration node that has SSL enabled using a different address (for example, an IP address) that is not present in the SAN field of the certificate, the toolkit now throws a warning that the certificate presented by the SSL server is not for the address called.
---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:
Version    Maintenance Level
v12.0      12.0.9.0
The latest available maintenance can be obtained from:
http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041
If the maintenance level is not yet available, information on its planned availability can be found on:
http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308
---------------------------------------------------------------
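The comparison that hostname checking performs can be sketched as follows. This is an added example, not IBM's code or the toolkit's implementation; the certificate dictionary is constructed sample data in the shape Python's ssl.SSLSocket.getpeercert() returns, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: SAN entries of a node certificate (not from a real system).
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "acenode.example.com"),
        ("DNS", "*.int.example.com"),
        ("IP Address", "192.0.2.10"),
    )
}


def _parse_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def address_in_san(cert, address):
    """True if the address the client dialled is covered by the certificate SAN."""
    san = cert.get("subjectAltName", ())
    ip = _parse_ip(address)
    if ip is not None:
        # An IP literal may only match IP entries, never DNS entries.
        return any(kind == "IP Address" and _parse_ip(value) == ip
                   for kind, value in san)
    return any(kind == "DNS" and _dns_match(value, address)
               for kind, value in san)


if __name__ == "__main__":
    for addr in ("acenode.example.com", "192.0.2.10", "192.0.2.11"):
        verdict = "match" if address_in_san(SAMPLE_CERT, addr) else "WARN: not in SAN"
        print(f"{addr}: {verdict}")
```

An address such as 192.0.2.11 reaches the same kind of server but is absent from the SAN, which is the case this APAR says previously connected without a warning.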
Temporary fix
Comments
APAR Information
APAR number
IT43418
Reported component name
APP CONN ENT TL
Reported component ID
5724J0561
Reported release
C00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-03-23
Closed date
2023-06-28
Last modified date
2023-06-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
APP CONN ENT TL
Fixed component ID
5724J0561
Applicable component levels
Document Information
Modified date:
29 June 2023