APAR status
Closed as documentation error.
Error description
The descriptions of the SSLClientAuthGroup and SSLClientAuthRequire directives, which are included in the SSL directives topic in the IBM HTTP Server for WebSphere Application Server V6.0.x and V6.1.x Information Centers, do not indicate that parentheses are required for attribute combinations that use AND, OR, or NOT.
Local fix
Problem summary
USERS AFFECTED: WebSphere Application Server V6.0.x and V6.1.x users who use the Secure Sockets Layer (SSL) directives when they configure the IBM HTTP Server. PROBLEM DESCRIPTION: The examples for the SSLClientAuthGroup and SSLClientAuthRequire directives, that are included in the IBM HTTP Server for WebSphere Application Server V6.0.x and V6.1.x Information Centers' topic, "SSL directives," do not include the parentheses that are required if you use AND, OR, or NOT to link attribute values. PROBLEM SUMMARY: The examples of the SSLClientAuthGroup and SSLClientAuthRequire directives, that are included in the IBM HTTP Server for WebSphere Application Server V6.0.x and V6.1.x Information Centers' topic, "SSL directives," need to be updated to include the parentheses that are required if you use AND, OR, or NOT to link attribute values. The descriptions of these two directives should also be updated to more clearly indicate that these parentheses are a required part of the syntax for these directives when combinations of attribute and value pairs are used to specify a client certificate setting.
Problem conclusion
The following changes will be made to the SSLClientAuthGroup directive, and SSLClientAuthRequire directive sections of the "SSL directives" topic that is contained in the IBM HTTP Server for WebSphere Application Server V6.0.x and V6.1.x Information Center: In the description of the SSLClientAuthGroup directive: The example SSLClientAuthGroup IBMpeople Org = IBM will be changed to SSLClientAuthGroup IBMUSpeople (Org = IBM) AND (Country = US) The example SSLClientAuthGroup (CommonName = "Fred Smith" OR CommonName = "John Doe") AND Org = IBM will be changed to SSLClientAuthGroup ((CommonName = "Fred Smith") OR (CommonName = "John Doe")) AND (Org = IBM) The example SSLClientAuthGroup NotMNIBM ST != MN && Org = IBM will be changed to SSLClientAuthGroup NotMNIBM (ST != MN) && (Org = IBM) The sentence "Use parentheses to group comparisons." will be changed to "Any comparisons that are linked with AND, OR, or NOT must be contained within parentheses." The sentence "Any comparisons that are linked with AND, OR, or NOT must be contained within parentheses." will be added after the sentence " You can logically use AND , OR, or NOT for multiple expressions to specify the desired grouping of client certificate attribute values." In the description of the SSLClientAuthRequire directive: The example SSLClientAuthRequire group != IBMpeople && ST = M" will be changed to "SSLClientAuthRequire (group != IBMpeople) && (ST = M) The example SSLClientAuthRequire (CommonName="John Doe" || StateOrProvince=MN) && Org !=IBM will be changed to SSLClientAuthRequire ((CommonName="John Doe") || (StateOrProvince=MN)) && (Org !=IBM) The example SSLClientAuthRequire group!=IBMpeople && ST=MN will be changed to SSLClientAuthRequire (group!=IBMpeople) && (ST=MN) The sentence "Any comparisons that are linked with AND, OR, or NOT must be contained within parentheses." will be added after the sentence " You can logically use AND , OR, or NOT for multiple expressions to specify the desired grouping of client certificate attribute values." Date that information will be available to customers: October, 2008.
Temporary fix
Comments
Changing to John Doe
APAR Information
APAR number
PK72096
Reported component name
IBM HTTP SERVER
Reported component ID
5724J0801
Reported release
60W
Status
CLOSED DOC
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2008-09-15
Closed date
2008-09-29
Last modified date
2010-10-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Line of Business":{},"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSEQTJ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0"}]
Document Information
Modified date:
25 September 2020