IBM Support

PK72096: DOCUMENT CHANGE FOR SSLCLIENTAUTHGROUP AND SSLCLIENTAUTHREQUIRE DIRECTIVES

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as documentation error.

Error description

  • The descriptions of the SSLClientAuthGroup and
SSLClientAuthRequire directives, which are included in the
SSL directives topic in the IBM HTTP Server for WebSphere
Application Server V6.0.x and V6.1.x Information Centers,
do not indicate that parentheses are required for attribute
combinations that use AND, OR, or NOT.

Local fix

  • 



Problem summary


    

  • USERS AFFECTED: WebSphere Application Server V6.0.x and V6.1.x
users who use the Secure Sockets Layer (SSL) directives when
they configure the IBM HTTP Server.

PROBLEM DESCRIPTION:  The examples for  the SSLClientAuthGroup
and SSLClientAuthRequire directives, that are included in the
IBM HTTP Server for WebSphere Application Server V6.0.x and
V6.1.x Information Centers' topic, "SSL directives," do not
include the parentheses that are required if you use  AND, OR,
or NOT to link attribute values.

PROBLEM SUMMARY: The examples of the SSLClientAuthGroup and
SSLClientAuthRequire directives, that are included in the IBM
HTTP Server for WebSphere Application Server V6.0.x and V6.1.x
Information Centers' topic, "SSL directives," need to be updated
to  include the parentheses that are required if you use  AND,
OR, or NOT to link attribute values. The descriptions of these
two directives should also be updated to more clearly indicate
that these parentheses are a required part of the syntax for
these directives when  combinations of attribute and value pairs
are used to specify a client certificate setting.

    



Problem conclusion


    

  • The following changes will be made to the SSLClientAuthGroup
directive, and SSLClientAuthRequire directive sections of the
"SSL directives" topic that is contained in the IBM HTTP Server
for WebSphere Application Server V6.0.x and V6.1.x Information
Center:

In the description of the SSLClientAuthGroup directive:

The example  SSLClientAuthGroup IBMpeople Org = IBM  will be
changed to  SSLClientAuthGroup IBMUSpeople (Org = IBM) AND
(Country = US)

The example  SSLClientAuthGroup (CommonName = "Fred Smith" OR
CommonName =  "John Doe") AND Org = IBM  will be changed to
SSLClientAuthGroup ((CommonName = "Fred Smith") OR (CommonName =
"John Doe")) AND (Org = IBM)

The example  SSLClientAuthGroup NotMNIBM ST != MN && Org = IBM
will be changed to SSLClientAuthGroup NotMNIBM (ST != MN) &&
(Org = IBM)

The sentence "Use parentheses to group comparisons." will be
changed to "Any comparisons that are linked with AND, OR, or NOT
must be contained within parentheses."

The sentence "Any comparisons that are linked with AND, OR, or
NOT must be contained within parentheses." will be added after
the sentence " You can logically use AND , OR, or NOT for
multiple expressions to specify the desired grouping of client
certificate attribute values."


In the description of the SSLClientAuthRequire directive:

The example  SSLClientAuthRequire group != IBMpeople && ST = M"
will be changed to "SSLClientAuthRequire (group != IBMpeople) &&
(ST = M)

The example SSLClientAuthRequire (CommonName="John Doe" ||
StateOrProvince=MN) && Org !=IBM will be changed to
SSLClientAuthRequire ((CommonName="John Doe") ||
(StateOrProvince=MN)) && (Org !=IBM)

The example SSLClientAuthRequire group!=IBMpeople && ST=MN  will
be changed to  SSLClientAuthRequire (group!=IBMpeople) &&
(ST=MN)

The sentence "Any comparisons that are linked with AND, OR, or
NOT must be contained within parentheses." will be added after
the sentence " You can logically use AND , OR, or NOT for
multiple expressions to specify the desired grouping of client
certificate attribute values."


Date that information will be available to customers: October,
2008.

    



Temporary fix


    

  • 



Comments


    

  • Changing to John Doe

    



APAR Information




    

  • APAR number
    PK72096
    • 

  • Reported component name
    IBM HTTP SERVER
    • 

  • Reported component ID
    5724J0801
    • 

  • Reported release
    60W
    • 

  • Status
    CLOSED  DOC
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2008-09-15
    • 

  • Closed date
    2008-09-29
    • 

  • Last modified date
    2010-10-25
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    



Applicable component levels


    








      
          
                    

          

          [{"Line of Business":{},"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSEQTJ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0"}]
          

                    

        
        

        

      


      


        

            

            
Document Information


            

            


                        

            Modified date:
            

            25 September 2020
            

            
            
          

        


        

        


      


    


  





    

  



  
    
      

      
Page Feedback