[omniORB] SSL Transport and ORB_init

Christopher Fahey Christopher.Fahey at tmgofficeservices.com
Wed Oct 30 21:36:08 UTC 2024


Hello.  Hopefully someone can help me with this problem.  I have an 
existing Windows 11 based application that uses omniORB.  It has never 
had security applied to the transport so I am adding SSL to it. The 
documentation indicates that the SSL values, cert file, key file and 
password need to be set up first.  Done.  It works fine as long as 
everything is correct.  The problem occurs when the user is logging in and 
enters the password for the client SSL key incorrectly.  If the password 
is incorrect, the ORB_init throws a CORBA::SystemException.

         // get these values from the configuration and set them into
         // the global space for the transport.
         omni::sslContext::certificate_authority_file = m_ptrConfig->getRootCertFile();
         omni::sslContext::key_file = m_ptrConfig->getClientKeyFile();
         omni::sslContext::key_file_password = m_ptrConfig->getKeyPassword();
         // if we failed due to bad values from the certs, then reset them.
         if (omni::sslContext::singleton != nullptr)
         {
             // reinitialize the sslContext if called subsequent times.
             omni::sslContext::singleton->update_CA(m_ptrConfig->getRootCertFile(), nullptr);
             omni::sslContext::singleton->update_key(m_ptrConfig->getClientKeyFile(), m_ptrConfig->getKeyPassword());
         }
         // initialize if first time in here.
         if (orb == nullptr)
         {
             const char* options[][2] = { { "giopMaxMsgSize", buffer }, { 0, 0 } };
             orb = CORBA::ORB_init(argc, argv, "omniORB4", options);
         }

All of this code works fine the first time through.  The problem is the 
next time through.  The user is prompted for the password a subsequent 
time, and when it comes through, the key and password are updated.  So far 
so good.  However, the orb was not completely initialized the first time, 
and the second pass encounters an ASSERTION in the 
omni_giopStreamInitializer.attach() function because it was previously 
called during the ORB_init, but when the exception was thrown during the 
previous pass, it didn't clean anything out, leaving memory still in 
place.

I am looking for suggestions on how to clean things up after a failed 
login from my code.  I can just implement a temporary solution and shut 
the app down, but I would prefer to keep it running.

Thanks,

Christopher Fahey



