IC69842: NETTYPE SETTING FOR SOCSSL CAN PREVENT INSTANCE STARTUP WHEN SSLIS NOT CONFIGURED

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • When an SSL certificate expires the instance will not start and
    a GSK_ERROR_BAD_DATE error is seen in the
    message log file.
    
    Attempting to restart the instance after removing the server
    name pointing to the SSL connection also fails.
    

Local fix

  • Remove or comment out the NETTYPE configuration parameter
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * IDS 11.50                                                    *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * Customer's SSL certificate expired, causing SSL net driver   *
    * to fail, and this blocks the server from getting online. But *
    * since other net drivers like TCP and SHM etc are still       *
    * working fine, the customer wants the server to still go      *
    * online and just use the TCP and SHM net drivers, ignore the  *
    * broken SSL net driver.                                       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Fixed in 11.50.xCx branch in August 2010. All releases after *
    * August 2010 will have the fix. Upgrade to any IDS 11.50.xCx  *
    * after August 2010                                            *
    ****************************************************************
    

Problem conclusion

  • Old behavior of server:
    When there is a NETTYPE setting for SSL (even if there is no
    DBSERVERALIAS or sqlhosts entry using ssl), the server will
    still attempt to initialize the SSL driver, and oninit will
    fail if SSL certifiacte expired.
    
    New behavior of server:
    oninit will attempt to initialize the SSL net driver only if
    there is a DBSERVERALIAS or sqlhosts entry using ssl. oninit
    will operate fine if ssl certificate expired.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC69842

  • Reported component name

    IBM IDS ENTRP E

  • Reported component ID

    5724L2304

  • Reported release

    B15

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-07-12

  • Closed date

    2011-01-27

  • Last modified date

    2011-01-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM IDS ENTRP E

  • Fixed component ID

    5724L2304

Applicable component levels

  • RB15 PSY

       UP



Document information


More support for:

Informix Servers

Software version:

B15

Reference #:

IC69842

Modified date:

2011-01-27

Translate my page

Content navigation