[omniORB] SSL support status?

Randy Shoup rshoup@tumbleweed.com
Thu, 14 Jan 1999 18:15:26 -0800 

Sai-Lai Lo wrote:
> 
> Randy,
> 
> >>>>> Randy Shoup writes:
> 
> >   There have been some rumors of a working IIOP over SSL transport with
> > omniORB (http://www.orl.co.uk/omniORB/archives/1998-11/0041.html).  We
> > would be very interested in SSL support, and may have to develop it
> > ourselves if we can't beg, borrow, or steal it.  We would prefer, of
> > course, to leverage the hard work of others here :-)
> 
> I should be able to give you access to a version of omniORB with SSL
> support in the next few days. Note that this version has not been subject
> to vigorous testing and was done independent of the main development and
> with omniORB_2.5.0.
> 
> What I would like is to have your feedback on the API that we have added.
> And of course any bug fixes you have done.

Perfect.  We've done some SSL stuff before, so hopefully we can give
some constructive feedback.

We'll also do the "vigorous testing" part :-), and would be happy to
reintegrate the changes with 2.6.1 (or 2.7.0, if that becomes available
soon).

> 
> My intention is to integrate the stuff after the IIOP 1.1 work is done.
> 
> >   Is there a time-frame on when SSL support will be ready for prime
> > time?  The note I reference above says that you don't want to release it
> > before IIOP1.1.  Is IIOP1.1 required to get SSL to work with IIOP?
> 
> The IIOP IOR extension to support SSL is defined in 1.1. So strictly
> speaking omniORB should really talk IIOP 1.1 to get SSL to work but as far
> as the message exchange is concern 1.0 will do.

This was what I suspected.  In my brief review of the OMG spec
yesterday, it seemed like the IOR extensions are pretty much required
for doing any sort of augmentation of the protocol (e.g., SSL,
compression, etc.).  

It also seemed to me that the 1.1 IOR extensions might be required for
introducing any alternate transport.  I hope I am wrong, but I couldn't
figure out how to shoehorn an alternate transport into an IIOP 1.0
profile, or similarly, how to give enough information through an IIOP
1.0 profile to help the ORB to make an intelligent decision between two
transports.  

> 
> I have a bit of time at hand this week so I've started implementing
> GIOP/IIOP 1.1. Once this is done, I may release a snapshot for people to
> try out.

That would be ideal.  We'd be happy to beta test this.

Thanks,
-- Randy
_________________________________________________________________  
Randy Shoup                                     (650)569-3682  
Software Architect                              rshoup@tumbleweed.com  
Tumbleweed Software Corporation