iChain 2.2 Support Pack 2 Now Available

Novell Cool Solutions: Feature

Digg This - Slashdot This Posted: 25 Nov 2003

iChain 2.2 Support Pack 2 - Version 2.2.110

This patch provides enhancements and fixes for issues that have surfaced since iChain 2.2 shipped. It is not recommended to install individual files from the patch.

• Download the Support Pack and get the official installation instructions here: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967439.htm
• Novell iChain Version 2.2 Support Pack 2 Readme: http://www.novell.com/documentation/lg/ichain22/readme.txt
• Novell iChain Version 2.2 (SP2) Documentation: http://www.novell.com/documentation/lg/ichain22/index.html

	New Features in iChain Version 2.2 SP2

1. Support For OLAC Internal Data Source Feature
2. Support for Step-Up Cryptography
3. Change to Command for Disabling the Internal Rewriter Per Accelerator
4. Troubleshooting HTTP 1.0/1.1

Read the Novell iChain 2.2 SP2 - New Features Summary for more information: http://www.novell.com/documentation/lg/ichain22/whatsnew.txt

	Fixes/Enhancements in this Support Pack (Since ic22sp1.exe)

1. Security Alerts:
   1. Fixed possibility of getting another user's session if the new user's session is opened on the same port.
   2. Fixed DoS attack using WGET to abend server.
   3. Fixes for NISCC vulnerability advisory on SSL and TLS protocols.
2. OLAC enhancement to forward authentication profile to back end Web server
3. Added CLI SET parameter to force accelerator to talk HTTP1.0 to origin web server.
   Syntax: Set accelerator <name> ForceHttp10ToOrigin=Yes|No
4. Added CLI SET parameter to disable Internal rewriter for specified accelerator.
   Syntax: SET accelerator <name> DisableRewriter=Yes|No
5. GUI performance enhancement
6. Added Netscape extension (Server Gated) support for Verisign Secure Site Pro certificates.
7. Added SMTP Trap and descriptive error page when LDAP Server is down.
8. Added support for the CPQNF3, B57, Q57 and PCNTNW driver's duplex and speed settings in the Admin GUI.
9. Added PKTSCAN.NLM for capturing traffic in and out of iChain on multiple interfaces.
10. Added sort for selectable IP addresses on web accelerator.
11. Improved hashing method used in processing Protected Resource wildcard matches.
12. Fixed abend in walking a list of "not initialized" services.
13. Fixed STOP.NCF abend on shutdown.
14. Abend doing referrals - with LDAP server down.
15. Abend when shutting down if LDAP server is down.
16. Abend rewriting very large .JSP file.
17. Abend if DN in Cert exceeded static buffer.
18. Abend after OTWUG caused by RESTART on second boot; Now do a RESET.
19. Fixed possible abend in SetSrvIP.NLM
20. Added port number to user's IP address in log files.
21. Corrected cookie logging.
22. Path-based multi-homed child accelerator logging would work only after its parent had logging enabled.
23. Fixed error: LogEvent called from an NLM that has not initialized its NLMEventID.
24. Fixed "Log volume full" problem when PROXYEXT.CFG is present, but empty.
25. On a "Set-Cookie" when the path is added, now check to add a ';' before path=/subpath.
26. Could not access iManager through path-based multihoming; Set-Cookie rewritten improperly.
27. Http references in the ONCLICK field of an <a href=...> tag were not being rewritten.
28. Rewriter was modifying second src img=\"http:// in java input string to src img=\"http:/.
29. Fixed rewriting of referer header when multihoming is enabled.
30. Fixed download wait when form fill was enabled for the accelerator.
31. Users with a CN containing spaces could not authenticate to iChain.
32. Removed cookie from the URL on the last 302 redirect during cross-domain authentication.
33. CLI (Command Line Interface) config export did not export DSSTART and DSEnd parameters.
34. Fixed 500 Internal Server error with "Mutual -OR- LDAP" profiles.
35. Changed OTWUG "RESTART SERVER" to "RESET SERVER" to eliminate insufficient memory error.
36. Moved the license read code from ACLCHECK to PROXY to eliminate CLI LDAP communication error associated with license read problem.
37. A .NAS file import might take the lowest IP address and bind it as the primary address.
38. Fixed problems when assigning a new Master accelerator: DNS name would not change and the change required a re-boot.
39. If "Return error if host name sent by browser does not match above DNS name" is checked, return error.
40. Fixed Netscape 7.1 (Mozilla) login & error page display problems.
41. iChain was forwarding without stripping the multihoming path.
42. Updated DBNET6.NLM & RDBHOST.NLM.
43. Updated NPKIAPI now checks multiple CRL servers in CRL Distribution Point.
44. Fixed -649 error importing certificate.
45. Fixed multiple HTTP 1.1 compatibility issues with compression/deflate.
    Symptoms Include:
    - "502 Bad Gateway" error.
    - "500 Internal Server Error" processing deflate header.
    - 302 redirect will not be forwarded if gzip header is included but data is not compressed.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com