PCR: 01162 Module: PKI Network affecting: No Certificates containing GeneralisedTime with the year in YYYY format are now parsed correctly. The keyUsage field of certificates is now parsed correctly when only one byte has been specified. The CRL update time is now displayed correctly in hours. If the username and password parameters are present the location parameter must be present and appear before the username and password parameters. Certificates with signatures of 257 bytes are now correctly parsed. Certificates added from a configuration script are now processed correctly. Patch 86222-06 for Software Release 2.2.2 C613-10319-00 REV F Patch 86222-06 For Rapier Switches and AR800 Series Modular Switching Routers PCR: 01170 Module: IPv6 Network affecting: No A fatal error occurred if an IPv6 interface was deleted while packets were being transmitted. The number of current interfaces was not being updated correctly when a new IPv6 interface was added. As a result, after multiple additions and deletions, no more IPv6 interfaces could be added. These issues have been resolved. PCR: 01176 Module: PKI Network affecting: No The CREATE CONFIG command now adds PKI certificates to the script in the same order that they were originally added to the certificate database. PCR: 01177 Module: PKI Network affecting: No PKI certificates are now periodically checked (once per hour) to verify that they are still valid. PCR: 01178 Module: IPSEC Network affecting: No IPCOMP SA’s which have the reserved CPI “3” are no longer deleted by ISAKMP delete messages. PCR: 01179 Module: SWI Network affecting: No When a VLAN was created and then destroyed on the G6 or G6F, the VTABLE was corrupted. This has been fixed. PCR: 01181 Module: DHCP Network affecting: No DHCP failed to send request messages when it was in a rebinding or renewing state. This issue has been resolved. PCR: 01185 Module: SWI Network affecting: No In some extreme traffic conditions the switch could lock up, preventing switching of any traffic. This issue has been resolved. PCR: 01186 Module: FIREWALL Network affecting: No When large numbers of sessions were being handled the firewall would become overly aggressive in restricting new sessions. The Active TCP Opens field in the output of the SHOW FIREWALL POLICY would show a very high number (42 . 108). This issue has been resolved. PCR: 01187 Module: IPG Network affecting: No If the IGMP table was empty and a timeout was set, a fatal error occurred. This issue has been resolved. Patch 86222-06 for Software Release 2.2.2 C613-10319-00 REV F Patch Release Note Features in 86222-04 Patch file details for Patch 86222-04 are listed in Table 3. Table 3: Patch file details for Patch 86222-04. Base Software Release File 86s-222.rez Patch Release Date 24-Aug-2001 Compressed Patch File Name 86222-04.paz Compressed Patch File Size 220220 bytes Patch 86222-04 includes all issues resolved and enhancements released in previous patches for Software Release 2.2.2, and the following enhancements: PCR: 01124 Module: PKI Network affecting: No Message protection validation failures would occur intermittently. This issue has been resolved. PCR: 01136 Module: ISAKMP Network affecting: No ISAKMP now interoperates with other vendor’s products in aggressive mode exchanges. PCR 01138 Module: CORE, SWI Network affecting: No Support has been added for the 8624XL-80 switch with -48VDC power supply. PCR: 01152 Module: FIREWALL Network affecting: No In a dual policy configuration, the firewall would lock up under load. The firewall would also mistakenly report SYN attacks. These issues have been resolved. PCR: 01159 Module: PIM Network affecting: No The CREATE CONFIG command generated duplicate PIM interface configuration command lines. This issue has been resolved. PCR: 01162 Module: PKI Network affecting: No Certificates containing GeneralisedTime with the year in YYYY format are now parsed correctly. The keyUsage field of certificates is now parsed correctly when only one byte has been specified. The CRL update time is now displayed correctly in hours. If the username and password parameters are present the location parameter must be present and appear before the username and password parameters. PCR: 01165 Module: DHCP Network affecting: No The DHCP server now correctly allocates addresses to clients running Apple Open Transport 2.5.1 or 2.5.2. PCR: 01166 Module: FIREWALL Network affecting: No Both public and private access could be configured on the same interface on a policy. This issue has been resolved. Patch 86222-06 for Software Release 2.2.2 C613-10319-00 REV F Patch 86222-06 For Rapier Switches and AR800 Series Modular Switching Routers PCR: 01167 Module: ENCO Network affecting: No RSA encryption is now periodically suspended to ensure other processes get some CPU time during large RSA calculations. PCR: 01169 Module: ISAKMP Network affecting: No The CREATE ISAKMP command now checks that the key specified by the LOCALRSAKEY paramete...