PM75808: WMQ 710 SERIALNUMBER IN A LONG DISTINGUISHED NAME MAY FAIL SSLPEER MATCHING.

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• WMQ 710 SERIALNUMBER in a Long Distinguished Name may fail
  SSLPEER matching.
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All users of WebSphere MQ for z/OS Version 7 *
  *                 Release 1 Modification 0.                    *
  ****************************************************************
  * PROBLEM DESCRIPTION: After migrating to V710, a              *
  *                      distinguished name attribute in an SSL  *
  *                      certificate where the length is close   *
  *                      to the internal 256 byte limit may not  *
  *                      be matched against the SSLPEER channel  *
  *                      attribute and the channel may fail to   *
  *                      start with a CSQX626E error being       *
  *                      reported.                               *
  *                                                              *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  In V710, additional attributes are parsed from an SSL
  distinguished name and stored in the internal cache to be
  matched against an SSLPEER channel attribute.
  
  Where the length of the data in an SSL certificate was already
  close to the 256 byte limit, these additional attributes may
  mean that it is no longer possible to match attributes that are
  close to the end of the parsed certificate string and a channel
  will fail to start, issuing the following message:
  
  "CSQX636E ++++ CSQXRCTL Distinguished name does not match peer
  name"
  

Problem conclusion

• Internal processing has been amended to increase the size of the
  internal SSL attribute cache for an SSL certificate. The SSLPEER
  channel attribute itself is still restricted to 256 bytes.
  100Y
  CMQXRSCL
  CMQXRSSG
  CSQXCCIS
  CSQXJST
  CSQXRSCL
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UK83908

Modules/Macros

• CMQXRSCL CMQXRSSG CSQXCCIS CSQXJST  CSQXRSCL
  

Fix information

• Fixed component name

  WMQ Z/OS V7

• Fixed component ID

  5655R3600

Applicable component levels

• R100 PSY UK83908

     UP13/01/16 P F301

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.