Fixes are available
APAR status
Closed as program error.
Error description
When using SSL to secure channels in WebSphere MQ V7, and setting the attribute CDPCheckExtensions=YES in the qm.ini file the following error is generated when attempting to connect the channels. AMQ9666: Error accessing CRL LDAP servers; SSL channel 'XXXXXXX.YYYYYYYYY'. The AMQ9666 error is not necessarily related to LDAP. No FDC files were generated.
Local fix
In the qm.ini, file set CDPCheckExtensions=NO
Problem summary
**************************************************************** USERS AFFECTED: WMQ V7 user having certificate revocation list (CRL) setup as Online Certificate Status Protocol (OCSP) or CrlDistributionPoint (CDP). Platforms affected: Windows,All Unix **************************************************************** PROBLEM SUMMARY: WMQ uses default buffer size of 204800 bytes to accept a response from a HTTP Server when retrieving a CRL and 20480 bytes to accept a response from a OCSP Responder. When the respective response exceeds the default value the channel fails to start giving errors like LDAP server not available, OCSP Response signature check fail or similar.
Problem conclusion
The default buffer size of OCSP and CDP has been increased in the WMQ code to cope up with the growing needs. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: v7.0 Platform Fix Pack 7.0.1.8 -------- -------------------- Windows U200335 AIX U845856 HP-UX (PA-RISC) U847965 HP-UX (Itanium) U847970 Solaris (SPARC) U847966 Solaris (x86-64) U847972 Linux (x86) U847967 Linux (x86-64) U847971 Linux (zSeries) U847968 Linux (Power) U847969 v7.1 Platform Fix Pack 7.1.0.1 -------- -------------------- Windows 7.1.0.1 AIX 7.1.0.1 HP-UX (Itanium) 7.1.0.1 Solaris (SPARC) 7.1.0.1 Solaris (x86-64) 7.1.0.1 Linux (x86) 7.1.0.1 Linux (x86-64) 7.1.0.1 Linux (zSeries) 7.1.0.1 Linux (Power) 7.1.0.1 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IV04684
Reported component name
WMQ AIX V7
Reported component ID
5724H7221
Reported release
701
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-08-05
Closed date
2012-01-27
Last modified date
2012-01-31
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ AIX V7
Fixed component ID
5724H7221
Applicable component levels
R701 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSDEZSF","label":"IBM WebSphere MQ Managed File Transfer for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
31 March 2023