[omniORB] Fallback from SSL to TCP on CA failure?
Peter Klotz
peter.klotz at aon.at
Tue Oct 27 20:05:27 GMT 2009
Hello Duncan
> Now I look at your trace, I realise that I wasn't correct in saying that
> the fallback to a second address is automatic. When opening a connection
> fails, the rope is switched to the next address in the available
> addresses, but the connection attempt is not automatically retried. If
> you try the call again, it will try the second address. That's why you
> see that when you try two calls to a particular server, the second one
> succeeds after the first has failed.
Thanks a lot for this explanation. Now my test results finally make sense.
> It's possible to register a TRANSIENT exception handler that
> automatically retries in these situations. That's why I told you the
> wrong thing before -- the system I spend most of my time using does have
> such a handler, and I forgot that the standard one doesn't retry.
Actually I do not want a retry in my situation. I would like to force my
clients to use SSL although the servers have to support a plain TCP
listen port for backward compatibility with legacy non SSL clients.
Currently I am forced to also allow TCP for my clients since they
contact omniNames without encryption.
I tried running omniNames with an SSL endpoint but got this error:
omniORB: ORB_init failed: unknown option (-ORBsslCAFile) in -ORB arguments
Failed to initialise the ORB / POA: INITIALIZE_InvalidORBInitArgs
Is omniNames already running?
In an SSL build of omniORB omniNames does not depend on libomnisslTP4.so.
Is it possible to encrypt the Naming Service communication?
Regards, Peter.
More information about the omniORB-list
mailing list