[omniORB] SSL and omniORB4 and JacORB

David Bellette david.bellette@nec.com.au
Thu, 10 Jan 2002 11:11:01 +1100


Hi Steve

Thanks for your help.

We have now managed to get the Java client working with the omniORB4 C++ server (as you said in your email)

The problem at the moment is the omniORB4 C++ client connecting to the Jacorb server - that doesn't want to connect. have you
managed anything that way?

David


----- Original Message -----
From: "Brenneis, Steve" <steve.brenneis@attws.com>
To: "David Bellette" <david.bellette@nec.com.au>
Cc: "OmniOrb Listserver" <omniorb-list@uk.research.att.com>
Sent: Thursday, January 10, 2002 1:11 AM
Subject: RE: [omniORB] SSL and omniORB4 and JacORB


> David,
>
> What version of JacORB is the Java side using? Prior to the current beta,
> the supported SSL implementation was a commercial plugin that probably
> wouldn't work with OpenSSL. I have gotten a client built with the current
> JacORB beta to work with a VisiBroker server over SSL using the Sun JSSE
> (which should work with Open SSL). Hope this helps.
>
> Steve Brenneis
> WebAXE Middleware Lead Developer
> AT&T Wireless Services
>
> > -----Original Message-----
> > From: Duncan Grisby [mailto:dgrisby@uk.research.att.com]
> > Sent: Wednesday, January 09, 2002 8:52 AM
> > To: David Bellette
> > Cc: OmniOrb Listserver
> > Subject: Re: [omniORB] SSL and omniORB4 and JacORB
> >
> >
> > On Wednesday 9 January, "David Bellette" wrote:
> >
> > > I have a omniORB4 snap shot from 20011213 built for SSL and
> > have built
> > > it on a Win32 platform on WinNT4 SP6a. I'm using OpenSSL
> > >
> > > I have a VC++ server and client sucessfully communicating,
> > using SSL.
> >
> > Good.
> >
> > > We also have a Java app built with Sun JDK 1.3 and JacORB - with a
> > > client and server that communicate successfully using SSL.
> > >
> > > Also, the Java client works with the VC++ server and the VC++ client
> > > works with the Java server - but only using SSL.
> >
> > I assume you mean "but only when _not_ using SSL".
> >
> > [...]
> > > The Java SSL implementation uses encrypted keys (not pem
> > files) and that
> > > seems to be were the problem is. It has a keystore and a certificate
> > > which are encrypted, and doesn't seem to want to accept the
> > pem files.
> > >
> > > I've tried encrypting the openssl created keys, but I end up with a
> > > certificate authority file, a certificate file and a key
> > file. omniORB
> > > doesn't seem to be able to accept the files in any format other than
> > > pem. Is this correct?
> >
> > To be honest, I know very little about omniORB's SSL support at the
> > moment. Sai-Lai (who has now left AT&T) wrote it. Of course, learning
> > about it is on my list of things to do, but I haven't got around to it
> > yet.
> >
> > omniORB's certificate handling comes down to OpenSSL's
> > SSL_CTX_use_certificate_file() function, documented here:
> >
> >   http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html
> >
> > If you look at src/lib/omniORB/orbcore/ssl/sslContext.cc, you'll see
> > where it's used. If OpenSSL can deal with JacORB's key files at all,
> > you should be able to modify / extend sslContext.cc to use the
> > relevant functions. In theory, your application can create its own
> > class derived from sslContext, and implement the additional
> > functionality there, rather than having to modify omniORB itself. I'm
> > not sure if that actually works, though.
> >
> > If you are able to change Java ORB, another solution might be to use
> > OpenORB. I know that Sai-Lai successfully had omniORB interoperating
> > with that.
> >
> > Sorry I can't be more help,
> >
> > Duncan.
> >
> > --
> >  -- Duncan Grisby  \  Research Engineer  --
> >   -- AT&T Laboratories Cambridge          --
> >    -- http://www.uk.research.att.com/~dpg1 --
> >
>
>