IBM Support

IJ26959: THE IBMCERTPATH PROVIDER DOES NOT HONOR THE USER SPECIFIED CRL CONNECTION TIMEOUT VALUE -DCOM.IBM.SECURITY.CRLS.TIMEOUT=N)

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When a user explicitly specifies a CRL connect timeout value for
    "http" CRL distribution points using the Java system property
    -Dcom.ibm.security.crls.timeout=n,
    the specified value is ignored and a default value of 15000
    millisecs is used instead.
    That system property is ignored for "ldap" CRL distribution
    points.
    The user should be able set the connect timeout for both "http"
    and "ldap" CRL distribution points using the
    -Dcom.ibm.security.crls.timeout=n  Java system property.
    

Local fix

  • N/A
    

Problem summary

  • PROBLEM SUMMARY:
    The Java 8 IBM CertPath provider does not honor the user
    specified system property for CRL connect timeout.
    ERROR DESCRIPTION:
    When a user explicitly specifies a CRL connect timeout value
    for "http" CRL distribution points using the Java system
    property -Dcom.ibm.security.crls.timeout=n,
    the specified value is ignored and a default value of 15
    seconds is used instead.
    That system property is ignored for "ldap" CRL distribution
    points.
    The user should be able set the connect timeout for both "http"
    and "ldap" CRL distribution points using the
    -Dcom.ibm.security.crls.timeout=n Java system property
    

Problem conclusion

  • Updates have been made to the Java 8 CertPath provider to
    correctly handle the user specified connect timeout value for
    both "http" and "ldap" CRL distribution points.
    The jar affected by this apar is  ibmcertpathprovider.jar.
    The associated Hursley RTC Problem Report is 144121.
    The associated Austin Git issue is Issue#21 for CertPath.
    The associated Austin APAR is APAR IJ26959.
    JVMs affected include: Java 8.0.
    The fix was delivered for  Java 8.0 sr6 fp25.
    The build level of the ibmcertpathprovider.jar delivered for
    Java 8.0 is build-68.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ26959

  • Reported component name

    TIV JAVA CERT P

  • Reported component ID

    TIVSECJCP

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-08-17

  • Closed date

    2020-08-20

  • Last modified date

    2020-11-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  •    None
    999
    

Fix information

  • Fixed component name

    TIV JAVA CERT P

  • Fixed component ID

    TIVSECJCP

Applicable component levels

[{"Line of Business":{"code":null,"label":null},"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSWKFH","label":"Tivoli Components - Java Security"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"600"}]

Document Information

Modified date:
19 November 2020