Fixes are available
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
Customers migrating from DGW cannot use SSL-related environment variables, for example, in a CGI script.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM HTTP Server (powered by * * Apache) on * * z/OS migrating from the IBM HTTP Server 5.3 * * (powered by Domino) * **************************************************************** * PROBLEM DESCRIPTION: A number of SSL client certificate * * envvars * * available to CGI scripts have slightly * * different names in the two webservers * **************************************************************** * RECOMMENDATION: * **************************************************************** The non-standard environment variable names used by the two servers were not the same. This would require some CGI authors port scripts to tolerate both webservers.
Problem conclusion
mod_ibm_ssl was updated to additionally set the SSL client certificate environment variables names as used in IBM HTTP Serv 5.3: HTTPS_SESSION_ID HTTPS_SESSION_ID_NEW HTTPS_CLIENT_CERT_LEN HTTPS_CLIENT_CERT HTTPS_CLIENT_CERT_SERIAL_NUM HTTPS_CLIENT_CERT_DISTINGUISHED_NAME HTTPS_CLIENT_CERT_COMMON_NAME HTTPS_CLIENT_CERT_STATE_OR_PROVINCE HTTPS_CLIENT_CERT_COUNTRY HTTPS_CLIENT_CERT_LOCALITY HTTPS_CLIENT_CERT_ORGANIZATION HTTPS_CLIENT_CERT_ORG_UNIT HTTPS_CLIENT_CERT_ISSUER_DISTINGUISHED_NAME HTTPS_CLIENT_CERT_ISSUER_COMMON_NAME HTTPS_CLIENT_CERT_ISSUER_COUNTRY HTTPS_CLIENT_CERT_ISSUER_LOCALITY HTTPS_CLIENT_CERT_ISSUER_ORGANIZATION HTTPS_CLIENT_CERT_ISSUER_ORG_UNIT HTTPS_CLIENT_CERT_ISSUER_STATE_OR_PROVINCE This fix is targeted for IBM HTTP Server fix packs: - 7.0.0.39 - 8.0.0.11 - 8.5.5.7
Temporary fix
Comments
APAR Information
APAR number
PI39439
Reported component name
IBM HTTP SERVER
Reported component ID
5724J0801
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-04-21
Closed date
2015-05-15
Last modified date
2015-05-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM HTTP SERVER
Fixed component ID
5724J0801
Applicable component levels
R850 PSY
UP
Document Information
Modified date:
07 September 2022