[omniORB] ssl_echo examples problem

Rob rob@visuals.co.za
Tue Mar 18 07:19:01 2003


Hi Alain

I have been using ssl successfully and originally tested it with the
ssl_echo example. 

Try using catior on the ior generated by the server to confirm that the
ssl has been correctly set up.

Should see something like:

Type ID: "IDL:Echo:1.0"
Profiles:
1. IIOP 1.2 192.168.1.98 0 "...v>...K....."
            TAG_ORB_TYPE omniORB
            TAG_CODE_SETS char native code set: ISO-8859-1
                          char conversion code set: UTF-8
                          wchar native code set: UTF-16
                          wchar conversion code set: UTF-16

            TAG_SSL_SEC_TRANS port = 3449 supports = 96 requires = 96

I quickly tried it again, and if I change the line

my_argv[my_arg_c - 1] = "giop:tcp::";

instead of "giop:ssl::"; 

I do not see the TAG_SSL_SEC_TRANS line, and I can see the packets with
ethereal. 
If I use giop:ssl they are encrypted.

Not sure why you are seeing the packets as you describe, but as a start
check the ior is correct.

Regards
Rob
 
On Tue, 2003-03-18 at 00:02, Alain Patrick Medenou (LMC) wrote:
> Hi, 
>  I'm experiencing a problem when sniffing client and server
> communication in omniORB ssl examples (in ssl_echo directory). I'm able
> to read in clear text what is sent between them, using Ethereal.
> 
> I followed these steps: 
> - I've been able to build omniORB with ssl transport (To check that,
> when I uncomment ssl initialisations in client and server programs and
> run them, i get a warning telling me that SSL transport has been
> disabled because ssl certificates files weren't set). 
> 
> - I run the server "eg2_impl" and then the client "eg2_clt" (with the
> IOR parameter) and everything works well 
> - But when I launch "ethereal" to sniff GIIOP packets, I'm able to read
> the clear text: "hello" that is sent between client and server.
> 
>  I hoped not to be able to read what was sent between server and client,
> because I think it should be encrypted due to SSL transport.
> 
>  Can somebody tell me something about that.  Thanks for your quick
> reply. 
> 
>  Alain Patrick M. 
>