[omniORB] SSL and omniORB4 and JacORB

Duncan Grisby dgrisby@uk.research.att.com
Wed, 09 Jan 2002 13:52:19 +0000


On Wednesday 9 January, "David Bellette" wrote:

> I have an omniORB4 snapshot from 20011213 built for SSL and have built
> it on a Win32 platform on WinNT4 SP6a. I'm using OpenSSL
> 
> I have a VC++ server and client successfully communicating, using SSL.

Good.

> We also have a Java app built with Sun JDK 1.3 and JacORB - with a
> client and server that communicate successfully using SSL.
> 
> Also, the Java client works with the VC++ server and the VC++ client
> works with the Java server - but only using SSL.

I assume you mean "but only when _not_ using SSL".

[...]
> The Java SSL implementation uses encrypted keys (not pem files) and that
> seems to be where the problem is. It has a keystore and a certificate
> which are encrypted, and doesn't seem to want to accept the pem files.
> 
> I've tried encrypting the openssl created keys, but I end up with a
> certificate authority file, a certificate file and a key file. omniORB
> doesn't seem to be able to accept the files in any format other than
> pem. Is this correct?

To be honest, I know very little about omniORB's SSL support at the
moment. Sai-Lai (who has now left AT&T) wrote it. Of course, learning
about it is on my list of things to do, but I haven't got around to it
yet.

omniORB's certificate handling comes down to OpenSSL's
SSL_CTX_use_certificate_file() function, documented here:

  http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html

If you look at src/lib/omniORB/orbcore/ssl/sslContext.cc, you'll see
where it's used. If OpenSSL can deal with JacORB's key files at all,
you should be able to modify / extend sslContext.cc to use the
relevant functions. In theory, your application can create its own
class derived from sslContext, and implement the additional
functionality there, rather than having to modify omniORB itself. I'm
not sure if that actually works, though.

If you are able to change Java ORB, another solution might be to use
OpenORB. I know that Sai-Lai successfully had omniORB interoperating
with that.

Sorry I can't be more help,

Duncan.

-- 
 -- Duncan Grisby  \  Research Engineer  --
  -- AT&T Laboratories Cambridge          --
   -- http://www.uk.research.att.com/~dpg1 --
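
Added example, not part of the original message and not omniORB or JacORB code: a small C check that identifies which container format a credential file is in from its leading bytes, and therefore which OpenSSL loading call an extension of sslContext.cc would need for it. The function names, the enum and the 64-byte read are assumptions made here; the classification is a heuristic on magic bytes, not a full parse.

```c
#include <stdio.h>
#include <string.h>

/* Container formats a TLS credential file is likely to arrive in. */
typedef enum { FMT_UNKNOWN, FMT_PEM, FMT_DER, FMT_PKCS12, FMT_JKS, FMT_JCEKS } cred_fmt;

/* Classify a credential file from its leading bytes (heuristic, not a full parse). */
cred_fmt classify_credential(const unsigned char *b, size_t n)
{
    static const unsigned char jks[4]   = { 0xFE, 0xED, 0xFE, 0xED };
    static const unsigned char jceks[4] = { 0xCE, 0xCE, 0xCE, 0xCE };
    size_t i = 0, hdr;
    if (n >= 4 && memcmp(b, jks, 4) == 0)   return FMT_JKS;
    if (n >= 4 && memcmp(b, jceks, 4) == 0) return FMT_JCEKS;
    /* PEM is text: skip leading whitespace, then expect the armor line. */
    while (i < n && (b[i] == ' ' || b[i] == '\t' || b[i] == '\r' || b[i] == '\n')) i++;
    if (n - i >= 11 && memcmp(b + i, "-----BEGIN ", 11) == 0) return FMT_PEM;
    /* Binary ASN.1: the outer tag must be SEQUENCE (0x30). */
    if (n < 2 || b[0] != 0x30) return FMT_UNKNOWN;
    hdr = (b[1] <= 0x80) ? 2 : 2 + (size_t)(b[1] & 0x7F); /* short/indefinite vs long length */
    if (hdr > 6) return FMT_UNKNOWN;                      /* over 4 length bytes: implausible */
    /* PKCS#12 opens with INTEGER 3; a certificate with SEQUENCE; a private key with INTEGER 0. */
    if (n >= hdr + 3 && b[hdr] == 0x02 && b[hdr + 1] == 0x01 && b[hdr + 2] == 0x03)
        return FMT_PKCS12;
    return FMT_DER;
}

/* Which OpenSSL entry point can load each format into an SSL_CTX. */
const char *loader_hint(cred_fmt f)
{
    switch (f) {
    case FMT_PEM:    return "SSL_CTX_use_certificate_file(..., SSL_FILETYPE_PEM)";
    case FMT_DER:    return "SSL_CTX_use_certificate_file(..., SSL_FILETYPE_ASN1)";
    case FMT_PKCS12: return "d2i_PKCS12_fp() then PKCS12_parse()";
    case FMT_JKS: case FMT_JCEKS:
                     return "Java keystore: no OpenSSL reader, export to PEM or PKCS#12";
    default:         return "unrecognised: inspect the file by hand";
    }
}

int main(int argc, char **argv)
{
    unsigned char buf[64];
    FILE *fp = (argc > 1) ? fopen(argv[1], "rb") : NULL;
    if (!fp) { fprintf(stderr, "usage: classify <credential-file>\n"); return 1; }
    size_t n = fread(buf, 1, sizeof buf, fp);
    fclose(fp);
    puts(loader_hint(classify_credential(buf, n)));
    return 0;
}
```

A password-protected PEM key still classifies as PEM, since the encryption is carried inside the armor; OpenSSL asks for the passphrase through its password callback when loading it.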