[omniORB] SSL and omniORB4 and JacORB

David Bellette david.bellette@nec.com.au
Wed, 9 Jan 2002 10:46:49 +1100


This is a multi-part message in MIME format.

--------------InterScan_NT_MIME_Boundary
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_01A2_01C198FA.F0BD0550"

------=_NextPart_000_01A2_01C198FA.F0BD0550
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi

I have a omniORB4 snap shot from 20011213 built for SSL and have built =
it on a Win32 platform on WinNT4 SP6a. I'm using OpenSSL

I have a VC++ server and client sucessfully communicating, using SSL.

We also have a Java app built with Sun JDK 1.3 and JacORB - with a =
client and server that communicate successfully using SSL.

Also, the Java client works with the VC++ server and the VC++ client =
works with the Java server - but only using SSL.
(FYI, we had to set -ORBverifyObjectExistsAndType 0 before that worked)

The problem appears to be in the implementation of the certificates and =
the keys.

Forgive me, as a collegue is doing the Java development, so I don't know =
the full ins and outs of that side.


The omniORB SSL demo, ssl_echo uses syntax as follows:

sslContext::certificate_authority_file =3D "root.pem";
sslContext::key_file =3D "server.pem";
sslContext::key_file_password =3D "password";

before initialising the ORB. I have also set=20
-ORBendPoint giop:ssl::

The Java SSL implementation uses encrypted keys (not pem files) and that =
seems to be were the problem is. It has a keystore and a certificate =
which are encrypted, and doesn't seem to want to accept the pem files.

I've tried encrypting the openssl created keys, but I end up with a =
certificate authority file, a certificate file and a key file. omniORB =
doesn't seem to be able to accept the files in any format other than =
pem. Is this correct?

Sorry to be so vague, but if anyone can help me with a way to get these =
things working together it would be greatly appreciated.

David


------=_NextPart_000_01A2_01C198FA.F0BD0550
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4807.2300" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi</DIV>
<DIV>&nbsp;</DIV>
<DIV>I have a omniORB4 snap shot from 20011213 built for SSL and have =
built it=20
on a Win32 platform on WinNT4 SP6a. I'm using OpenSSL</DIV>
<DIV>&nbsp;</DIV>
<DIV>I have a VC++ server and client sucessfully communicating, using =
SSL.</DIV>
<DIV>&nbsp;</DIV>
<DIV>We also have a Java app built with Sun JDK 1.3 and JacORB - with a =
client=20
and server that communicate successfully using SSL.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Also, the Java client works with the VC++ server and the VC++ =
client works=20
with the Java server - but only using SSL.</DIV>
<DIV>
<DIV>(FYI, we had to set -ORBverifyObjectExistsAndType 0 before that=20
worked)</DIV>
<DIV>&nbsp;</DIV></DIV>
<DIV>The problem appears to be in the implementation of the certificates =
and the=20
keys.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Forgive me, as a collegue is doing the Java development, so I don't =
know=20
the full ins and outs of that side.</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>The omniORB SSL demo, ssl_echo uses syntax as follows:</DIV>
<DIV>&nbsp;</DIV>
<DIV>sslContext::certificate_authority_file =3D=20
"root.pem";<BR>sslContext::key_file =3D=20
"server.pem";<BR>sslContext::key_file_password =3D "password";<BR></DIV>
<DIV>before initialising the ORB. I have also set </DIV>
<DIV>-ORBendPoint giop:ssl::</DIV>
<DIV>&nbsp;</DIV>
<DIV>The Java SSL implementation uses encrypted keys (not pem files) and =
that=20
seems to be were the problem is. It has a keystore and a certificate =
which are=20
encrypted, and doesn't seem to want to accept the pem files.</DIV>
<DIV>&nbsp;</DIV>
<DIV>I've tried encrypting the&nbsp;openssl&nbsp;created keys, but I end =
up with=20
a certificate authority file, a certificate file and a key file. omniORB =
doesn't=20
seem to be able to accept the files in any format other than pem. Is =
this=20
correct?</DIV>
<DIV>&nbsp;</DIV>
<DIV>Sorry to be so vague, but if anyone can help me with a way to get =
these=20
things working together&nbsp;it would be greatly appreciated.</DIV>
<DIV>&nbsp;</DIV>
<DIV>David</DIV>
<DIV>&nbsp;</DIV></BODY></HTML>

------=_NextPart_000_01A2_01C198FA.F0BD0550--


--------------InterScan_NT_MIME_Boundary--