IJ52820: DISTRUSTING TLS SERVER CERTIFICATES ANCHORED BY ENTRUST ROOT CERTIFICATES AND ISSUED AFTER OCT 2024

APAR status

• Closed as program error.

Error description

• Error Message: N/A
  .
  Stack Trace: N/A
  .
  

Local fix

Problem summary

• This is an enhancement to the IBM JDK for both Java 7 and Java 8
  similar that described by the link below.
  https://bugs.openjdk.org/browse/JDK-8337664?jql=labels%20%3D%20j
  dk8u-critical-request
  Logic has been added to the IBM Java 7 and Java 8 JDKs that
  determines whether certain certificates issued by an Entrust
  certificate authority can be trusted.
  

Problem conclusion

• This enhancement affects the following jar files.
  Jar file affected - ibmjsseprovider2.jar
  GIT Issue - #338
  RTC - 151798
  Build - 8.0 build_20241004--366, 7.0 build_20241004--369
  JVM to be delivered in - JDK 8 SR8 FP35, JDK 7.1 SR5 FP24
  Jar file affected - ibmpkcs.jar
  GIT Issue - #191
  RTC - 151798
  Build - 8.0 build_20241007--138, 7.0 build_20241010--144
  JVM to be delivered in - JDK 8 SR8 FP35, JDK 7.1 SR5 FP24
  .
  This APAR will be fixed in the following Releases:
  .
  IBM Semeru Runtimes
  IBM SDK, Java Technology Edition
   8 SR8 FP35 (8.0.8.35)
   7 R1 SR5 FP2 (7.1.5.2) (restricted access)
  .
  Downloads and supplementary documentation can be found at the
  following locations:
  - For non z/OS operating systems:
   - IBM Semeru Runtimes, Version 11 and later
   https://www.ibm.com/semeru-runtimes/downloads/
   - IBM SDK, Java Technology Edition, Version 8
   https://www.ibm.com/support/pages/java-sdk-downloads/
  - For the z/OS operating system:
   - Java SDK Products on z/OS
   https://www.ibm.com/support/pages/java-sdk-products-zos
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  SECURITY

• Fixed component ID

  620700125

Applicable component levels