IBM Support

PK72096: DOCUMENT CHANGE FOR SSLCLIENTAUTHGROUP AND SSLCLIENTAUTHREQUIRE DIRECTIVES


APAR status

  • Closed as documentation error.

Error description

  • The descriptions of the SSLClientAuthGroup and
    SSLClientAuthRequire directives, which are included in the
    SSL directives topic in the IBM HTTP Server for WebSphere
    Application Server V6.0.x and V6.1.x Information Centers,
    do not indicate that parentheses are required for attribute
    combinations that use AND, OR, or NOT.
    

Local fix

Problem summary

  • USERS AFFECTED: WebSphere Application Server V6.0.x and V6.1.x
    users who use the Secure Sockets Layer (SSL) directives when
    they configure the IBM HTTP Server.
    
    PROBLEM DESCRIPTION: The examples for the SSLClientAuthGroup
    and SSLClientAuthRequire directives that are included in the
    "SSL directives" topic of the IBM HTTP Server for WebSphere
    Application Server V6.0.x and V6.1.x Information Centers do not
    include the parentheses that are required if you use AND, OR,
    or NOT to link attribute values.
    
    PROBLEM SUMMARY: The examples of the SSLClientAuthGroup and
    SSLClientAuthRequire directives that are included in the
    "SSL directives" topic of the IBM HTTP Server for WebSphere
    Application Server V6.0.x and V6.1.x Information Centers need to
    be updated to include the parentheses that are required if you
    use AND, OR, or NOT to link attribute values. The descriptions
    of these two directives should also be updated to indicate more
    clearly that these parentheses are a required part of the syntax
    for these directives when combinations of attribute and value
    pairs are used to specify a client certificate setting.
    

Problem conclusion

  • The following changes will be made to the SSLClientAuthGroup
    directive and SSLClientAuthRequire directive sections of the
    "SSL directives" topic that is contained in the IBM HTTP Server
    for WebSphere Application Server V6.0.x and V6.1.x Information
    Center:
    
    In the description of the SSLClientAuthGroup directive:
    
    The example
        SSLClientAuthGroup IBMpeople Org = IBM
    will be changed to
        SSLClientAuthGroup IBMUSpeople (Org = IBM) AND (Country = US)
    
    The example
        SSLClientAuthGroup (CommonName = "Fred Smith" OR CommonName = "John Doe") AND Org = IBM
    will be changed to
        SSLClientAuthGroup ((CommonName = "Fred Smith") OR (CommonName = "John Doe")) AND (Org = IBM)
    
    The example
        SSLClientAuthGroup NotMNIBM ST != MN && Org = IBM
    will be changed to
        SSLClientAuthGroup NotMNIBM (ST != MN) && (Org = IBM)
    
    The sentence "Use parentheses to group comparisons." will be
    changed to "Any comparisons that are linked with AND, OR, or NOT
    must be contained within parentheses."
    
    The sentence "Any comparisons that are linked with AND, OR, or
    NOT must be contained within parentheses." will be added after
    the sentence "You can logically use AND, OR, or NOT for
    multiple expressions to specify the desired grouping of client
    certificate attribute values."
    
    
    In the description of the SSLClientAuthRequire directive:
    
    The example
        SSLClientAuthRequire group != IBMpeople && ST = M
    will be changed to
        SSLClientAuthRequire (group != IBMpeople) && (ST = M)
    
    The example
        SSLClientAuthRequire (CommonName="John Doe" || StateOrProvince=MN) && Org !=IBM
    will be changed to
        SSLClientAuthRequire ((CommonName="John Doe") || (StateOrProvince=MN)) && (Org !=IBM)
    
    The example
        SSLClientAuthRequire group!=IBMpeople && ST=MN
    will be changed to
        SSLClientAuthRequire (group!=IBMpeople) && (ST=MN)
    
    The sentence "Any comparisons that are linked with AND, OR, or
    NOT must be contained within parentheses." will be added after
    the sentence "You can logically use AND, OR, or NOT for
    multiple expressions to specify the desired grouping of client
    certificate attribute values."
    
    
    Date that information will be available to customers: October,
    2008.
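
A configuration check for the parenthesis rule described above, as an added example that is not IBM's code or part of the original APAR. It flags SSLClientAuthGroup and SSLClientAuthRequire lines where a comparison linked by a logical operator lacks its own parentheses. Assumptions: the tokenizer covers only the operators that appear in this APAR (AND, OR, NOT, &&, ||, =, !=), and the function names are hypothetical.

```python
import re

# Tokens: quoted value, comparison/logical operators, parentheses, bare words.
TOKEN = re.compile(r'"[^"]*"|!=|&&|\|\||[()=]|[^\s()=!&|"]+')
LOGICAL = {"AND", "OR", "NOT", "&&", "||"}
DIRECTIVE = re.compile(r'^\s*(SSLClientAuthGroup|SSLClientAuthRequire)\s+(.*)$', re.I)


def unparenthesized(expr):
    """Return comparisons linked by AND/OR/NOT that lack their own parentheses."""
    toks = TOKEN.findall(expr)
    if not any(t.upper() in LOGICAL for t in toks):
        return []  # a single comparison is not "linked"; the rule does not apply
    bad = []
    for i, t in enumerate(toks):
        if t in ("=", "!=") and 0 < i < len(toks) - 1:
            opened = i >= 2 and toks[i - 2] == "("
            closed = i + 2 < len(toks) and toks[i + 2] == ")"
            if not (opened and closed):
                bad.append(" ".join(toks[i - 1:i + 2]))
    return bad


def lint(conf_text):
    """Return (line_number, directive, offending comparisons) per flagged line."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # comment lines start with '#', so they never match
        if not m:
            continue
        name, rest = m.group(1), m.group(2).strip()
        # Assumption: SSLClientAuthGroup takes a group name before the expression.
        if name.lower() == "sslclientauthgroup" and not rest.startswith("("):
            parts = rest.split(None, 1)
            rest = parts[1] if len(parts) > 1 else ""
        bad = unparenthesized(rest)
        if bad:
            findings.append((n, name, bad))
    return findings


# Constructed sample: old and corrected forms of two examples quoted in this APAR.
SAMPLE = '''\
SSLClientAuthGroup NotMNIBM ST != MN && Org = IBM
SSLClientAuthGroup NotMNIBM (ST != MN) && (Org = IBM)
SSLClientAuthRequire (CommonName="John Doe" || StateOrProvince=MN) && Org !=IBM
SSLClientAuthRequire ((CommonName="John Doe") || (StateOrProvince=MN)) && (Org !=IBM)
'''

if __name__ == "__main__":
    for n, name, bad in lint(SAMPLE):
        print(f"line {n}: {name}: wrap in parentheses: {bad}")
```

Run it over a copy of the server configuration before deployment. A flagged line means the client certificate filter should be rewritten in the corrected form and the access behaviour retested.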
    

Temporary fix

Comments

  • Changing to John Doe
    

APAR Information

  • APAR number

    PK72096

  • Reported component name

    IBM HTTP SERVER

  • Reported component ID

    5724J0801

  • Reported release

    60W

  • Status

    CLOSED DOC

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2008-09-15

  • Closed date

    2008-09-29

  • Last modified date

    2010-10-25

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels


Document Information

Modified date:
25 September 2020