PQ67506: WEBSPHERE APPLICATION SERVER 4.0.4 IIS PLUGIN TRUNCATES END USERCERTIFICATE

 A fix is available

4.0.5: WebSphere Application Server Version 4.0 Fix Pack 5 (Version 4.0.5)



APAR status
Closed as program error.

Error description
IIS + WebSphere Application Server 4.0.4 plugin:

When accessing an end user certificate from a jsp
page the certificate gets truncated.

There are NO errors in the native.log, but you can clearly
see the difference between the $WSCC: field in the WebSphere
Application Server 4.0.3 files compared to the WebSphere
Application Server 4.0.4 files.

If you try to access the end user certificate from a jsp page
I have a line like this:

    X509Certificate[] netCerts =
        (X509Certificate[])request.getAttribute("javax.net.ssl.peer_certificates");

Error recorded in the WebSphere Application Server log:

    [2002-10-15 15:09:25:688 CEST]  bdbba2f HttpRequest X PLGN0024E: No  certificates java.security.cert.CertificateException: Unable to initialize, java.io.IOException: extra data given to DerValue constructor
Local fix

Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users of the    *
*                 webserver plugin for IIS.                    *
****************************************************************
* PROBLEM DESCRIPTION: The plugin truncates the client         *
*                      certificate before sending it over      *
*                      to the app server.                      *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The plugin was truncating the client certificate before
sending it over to the app server.  As a result, exceptions
would be thrown in the web application if it tried to access
the client certificate.
Problem conclusion
The plugin was using the wrong variable to calculate the size
needed to allocate in order to store the client certificate.
As a result it would get truncated before it was sent to the
app server.
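
A receiving-side check for the symptom described above, as an added example (not IBM's plugin code, whose source is not on this page): it recomputes a certificate's total size from its DER header and compares it with the bytes actually received. The function name, result codes and the constructed sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Outcome of comparing a buffer with the length its DER header declares. */
typedef enum { CERT_OK, CERT_TRUNCATED, CERT_TRAILING, CERT_MALFORMED } cert_check;

/* An X.509 certificate is a single DER SEQUENCE: tag 0x30, a length field,
 * then exactly that many content bytes. Recompute the total size from the
 * header and compare it with the number of bytes actually received. */
cert_check check_der_cert(const unsigned char *buf, size_t avail)
{
    size_t hdr = 2, content = 0;

    if (buf == NULL || avail < 2 || buf[0] != 0x30)
        return CERT_MALFORMED;
    if (buf[1] < 0x80) {                 /* short form: length in one byte */
        content = buf[1];
    } else {                             /* long form: 0x80 | byte count */
        size_t n = buf[1] & 0x7F;
        if (n == 0 || n > 4)             /* indefinite or implausibly large */
            return CERT_MALFORMED;
        if (avail < 2 + n)
            return CERT_TRUNCATED;       /* cut inside the length field */
        for (size_t i = 0; i < n; i++)
            content = (content << 8) | buf[2 + i];
        hdr += n;
    }
    if (avail - hdr < content) return CERT_TRUNCATED;
    if (avail - hdr > content) return CERT_TRAILING;
    return CERT_OK;
}

/* Constructed samples, not real certificates. SAMPLE is
 * SEQUENCE { INTEGER 1, INTEGER 2 } plus one deliberately extra byte;
 * LONG_HDR is a header declaring 1024 content bytes with none present. */
static const unsigned char SAMPLE[] = { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02, 0x00 };
static const unsigned char LONG_HDR[] = { 0x30, 0x82, 0x04, 0x00 };

int main(void)
{
    static const char *names[] = { "ok", "truncated", "trailing data", "malformed" };
    printf("8 bytes: %s\n", names[check_der_cert(SAMPLE, 8)]);
    printf("6 bytes: %s\n", names[check_der_cert(SAMPLE, 6)]);
    printf("9 bytes: %s\n", names[check_der_cert(SAMPLE, sizeof SAMPLE)]);
    return 0;
}
```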
Temporary fix

Comments
APAR information
APAR number PQ67506
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-10-23
Closed date 2002-11-04
Last modified date 2003-04-30

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
PLUGIN          

SRLS

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ67506
IBM Group: Software Group
Modified date: Apr 30, 2003