IBM Support

IC98121: SSLPEER MATCHING FAILS WITH ERROR AMQ9636 IF THE DISTINGUISHED NAME CONTAINS A UID OR USERID ATTRIBUTE


APAR status

  • Closed as program error.

Error description

  • When creating a digital certificate, you can specify several
    attributes that are now supported for use with MQ versions 7.1
    and 7.5. However, if the SSLPEER value specified on the
    receiving end of a channel contains a UID or USERID
    attribute, SSL peer matching fails and the connection is
    rejected by the queue manager.
    
    The UID and USERID attributes are not properly evaluated from
    the incoming certificate and the native OID (Object
    Identifier) value is seen by the queue manager instead.
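
The mismatch described above, as an added Python illustration (not IBM MQ code): a simplified peer filter compares attribute names, so a subject whose UID arrives under its raw OID never satisfies a `UID=` filter until the OID is mapped back to its name. The function names, the simplified comma-separated DN syntax (no escaped commas, no attribute ordering rules) and the sample values are assumptions made for this example.

```python
# Added illustration; not IBM MQ code. Assumes simplified "K=v,K=v" DNs
# with no escaped commas and shell-style '*' wildcards in filter values.
from fnmatch import fnmatchcase

# OID 0.9.2342.19200300.100.1.1 is the X.500 "userid" attribute (RFC 4519).
OID_TO_NAME = {"0.9.2342.19200300.100.1.1": "UID"}
ALIASES = {"USERID": "UID"}  # the page names UID and USERID together


def parse_dn(dn, normalize):
    """Split 'K=v,K=v' into (key, value) pairs; optionally map OIDs and aliases."""
    pairs = []
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        key = key.strip().upper()
        if key.startswith("OID."):  # some decoders prefix raw OIDs this way
            key = key[4:]
        if normalize:
            key = OID_TO_NAME.get(key, key)
            key = ALIASES.get(key, key)
        pairs.append((key, value.strip()))
    return pairs


def peer_matches(sslpeer, cert_dn, normalize=True):
    """Every attribute in the filter must match an attribute in the certificate DN."""
    cert = parse_dn(cert_dn, normalize)
    for key, pattern in parse_dn(sslpeer, normalize):
        if not any(k == key and fnmatchcase(v, pattern) for k, v in cert):
            return False
    return True


# Constructed sample values: a subject DN as a decoder without a UID mapping shows it.
CERT_DN_RAW = "0.9.2342.19200300.100.1.1=jsmith,CN=qm1.example.com,O=Example"
SSLPEER_UID = "UID=jsmith,CN=qm1.*"
SSLPEER_NO_UID = "CN=qm1.*"  # the local fix: same filter without the UID attribute

if __name__ == "__main__":
    print(peer_matches(SSLPEER_UID, CERT_DN_RAW, normalize=False))     # False
    print(peer_matches(SSLPEER_UID, CERT_DN_RAW, normalize=True))      # True
    print(peer_matches(SSLPEER_NO_UID, CERT_DN_RAW, normalize=False))  # True
```

Dropping the UID attribute from the filter makes it accept any certificate that matches the remaining attributes, so the local fix loosens the peer check until the fixed maintenance level is applied.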
    

Local fix

  • Remove UID from the SSLPEER attribute value on the channel
    definition.
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    All users of MQ who use SSL enabled channels.
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM SUMMARY:
    The algorithm that parses the SSLPEER value was not parsing the
    UID or USERID attribute correctly. As a result, SSL peer matching
    failed and the error "rrcE_SSL_UNMATCHED_PEERS" was seen at the
    receiver side during SSL initialization.
    

Problem conclusion

  • The SSLPEER parsing algorithm was updated to handle the UID or
    USERID attribute correctly.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v7.1       7.1.0.5
    v7.5       7.5.0.4
    
    The latest available maintenance can be obtained from
    'WebSphere MQ Recommended Fixes'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037
    
    If the maintenance level is not yet available, information on
    its planned availability can be found in 'WebSphere MQ
    Planned Maintenance Release Dates'
    http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC98121

  • Reported component name

    WMQ BASE MULTIP

  • Reported component ID

    5724H7241

  • Reported release

    750

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-12-04

  • Closed date

    2013-12-16

  • Last modified date

    2013-12-16

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WMQ BASE MULTIP

  • Fixed component ID

    5724H7241

Applicable component levels

  • R750 PSY

       UP


Document Information

Modified date:
23 September 2021