[omniORB] SSL and omniORB4 and JacORB

Brenneis, Steve steve.brenneis@attws.com
Thu, 10 Jan 2002 09:45:10 -0500


David,

Sorry, I can't be of any help there, although I'm not sure why the identity
or type of client or server should make any difference. If the JacORB server
is using JSSE, you might try looking in the Sun developer connection for
issues with foreign SSL clients and their certificates.

Steve Brenneis
WebAXE Middleware Lead Developer
AT&T Wireless Services

> -----Original Message-----
> From: David Bellette [mailto:david.bellette@nec.com.au]
> Sent: Wednesday, January 09, 2002 7:11 PM
> To: Brenneis, Steve; OmniOrb Listserver
> Subject: Re: [omniORB] SSL and omniORB4 and JacORB 
> 
> 
> Hi Steve
> 
> Thanks for your help.
> 
> We have now managed to get the Java client working with the omniORB4 C++
> server (as you said in your email).
> 
> The problem at the moment is the omniORB4 C++ client connecting to the
> JacORB server - that doesn't want to connect. Have you managed anything
> that way?
> 
> David
> 
> 
> ----- Original Message -----
> From: "Brenneis, Steve" <steve.brenneis@attws.com>
> To: "David Bellette" <david.bellette@nec.com.au>
> Cc: "OmniOrb Listserver" <omniorb-list@uk.research.att.com>
> Sent: Thursday, January 10, 2002 1:11 AM
> Subject: RE: [omniORB] SSL and omniORB4 and JacORB
> 
> 
> > David,
> >
> > What version of JacORB is the Java side using? Prior to the current beta,
> > the supported SSL implementation was a commercial plugin that probably
> > wouldn't work with OpenSSL. I have gotten a client built with the current
> > JacORB beta to work with a VisiBroker server over SSL using the Sun JSSE
> > (which should work with OpenSSL). Hope this helps.
> >
> > Steve Brenneis
> > WebAXE Middleware Lead Developer
> > AT&T Wireless Services
> >
> > > -----Original Message-----
> > > From: Duncan Grisby [mailto:dgrisby@uk.research.att.com]
> > > Sent: Wednesday, January 09, 2002 8:52 AM
> > > To: David Bellette
> > > Cc: OmniOrb Listserver
> > > Subject: Re: [omniORB] SSL and omniORB4 and JacORB
> > >
> > >
> > > On Wednesday 9 January, "David Bellette" wrote:
> > >
> > > > I have an omniORB4 snapshot from 20011213 built for SSL and have built
> > > > it on a Win32 platform on WinNT4 SP6a. I'm using OpenSSL.
> > > >
> > > > I have a VC++ server and client successfully communicating, using SSL.
> > >
> > > Good.
> > >
> > > > We also have a Java app built with Sun JDK 1.3 and JacORB - with a
> > > > client and server that communicate successfully using SSL.
> > > >
> > > > Also, the Java client works with the VC++ server and the VC++ client
> > > > works with the Java server - but only using SSL.
> > >
> > > I assume you mean "but only when _not_ using SSL".
> > >
> > > [...]
> > > > The Java SSL implementation uses encrypted keys (not pem files) and that
> > > > seems to be where the problem is. It has a keystore and a certificate
> > > > which are encrypted, and doesn't seem to want to accept the pem files.
> > > >
> > > > I've tried encrypting the openssl created keys, but I end up with a
> > > > certificate authority file, a certificate file and a key file. omniORB
> > > > doesn't seem to be able to accept the files in any format other than
> > > > pem. Is this correct?
> > >
> > > To be honest, I know very little about omniORB's SSL support at the
> > > moment. Sai-Lai (who has now left AT&T) wrote it. Of course, learning
> > > about it is on my list of things to do, but I haven't got around to it
> > > yet.
> > >
> > > omniORB's certificate handling comes down to OpenSSL's
> > > SSL_CTX_use_certificate_file() function, documented here:
> > >
> > >   http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html
> > >
> > > If you look at src/lib/omniORB/orbcore/ssl/sslContext.cc, you'll see
> > > where it's used. If OpenSSL can deal with JacORB's key files at all,
> > > you should be able to modify / extend sslContext.cc to use the
> > > relevant functions. In theory, your application can create its own
> > > class derived from sslContext, and implement the additional
> > > functionality there, rather than having to modify omniORB itself. I'm
> > > not sure if that actually works, though.
> > >
> > > If you are able to change Java ORB, another solution might be to use
> > > OpenORB. I know that Sai-Lai successfully had omniORB interoperating
> > > with that.
> > >
> > > Sorry I can't be more help,
> > >
> > > Duncan.
> > >
> > > --
> > >  -- Duncan Grisby  \  Research Engineer  --
> > >   -- AT&T Laboratories Cambridge          --
> > >    -- http://www.uk.research.att.com/~dpg1 --
> > >
> >
> >
>
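
The thread turns on which credential file formats the OpenSSL side can load versus what the Java side stores. The following is an added example, not code from this thread or from omniORB: a heuristic check of a file's leading bytes that says whether it is PEM or DER (both accepted by `SSL_CTX_use_certificate_file()`), or a Java keystore or PKCS#12 container that has to be exported or converted first. The enum and function names are hypothetical and the sample bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; the comments map each result to what OpenSSL needs. */
enum cred_format {
    CRED_PEM,           /* SSL_CTX_use_certificate_file(..., SSL_FILETYPE_PEM) */
    CRED_PEM_ENCRYPTED, /* PEM private key that needs a passphrase */
    CRED_DER,           /* same loaders with SSL_FILETYPE_ASN1 */
    CRED_PKCS12,        /* container: must be parsed or converted first */
    CRED_JAVA_KEYSTORE, /* JKS/JCEKS: export from Java before use */
    CRED_UNKNOWN
};

static int has_text(const unsigned char *b, size_t len, const char *s)
{
    size_t n = strlen(s);
    for (size_t i = 0; n <= len && i + n <= len; i++)
        if (memcmp(b + i, s, n) == 0) return 1;
    return 0;
}

enum cred_format classify_credential(const unsigned char *b, size_t len)
{
    /* Java keystore magic numbers: JKS 0xFEEDFEED, JCEKS 0xCECECECE. */
    if (len >= 4 && (memcmp(b, "\xFE\xED\xFE\xED", 4) == 0 ||
                     memcmp(b, "\xCE\xCE\xCE\xCE", 4) == 0))
        return CRED_JAVA_KEYSTORE;
    if (has_text(b, len, "-----BEGIN ")) {
        if (has_text(b, len, "Proc-Type: 4,ENCRYPTED") ||
            has_text(b, len, "-----BEGIN ENCRYPTED PRIVATE KEY-----"))
            return CRED_PEM_ENCRYPTED;
        return CRED_PEM;
    }
    if (len < 2 || b[0] != 0x30)          /* not an ASN.1 SEQUENCE */
        return CRED_UNKNOWN;
    /* Skip the length field: short form, or 0x80|n followed by n bytes. */
    size_t body = 2 + ((b[1] & 0x80) ? (size_t)(b[1] & 0x7f) : 0);
    /* A PKCS#12 PFX starts with INTEGER 3 (its version); certs and keys do not. */
    if (body + 3 <= len && memcmp(b + body, "\x02\x01\x03", 3) == 0)
        return CRED_PKCS12;
    return CRED_DER;
}

int main(void)
{
    /* Constructed sample: first bytes of a JKS keystore header. */
    static const unsigned char jks[] = { 0xFE, 0xED, 0xFE, 0xED, 0, 0, 0, 2 };
    printf("jks sample -> %d\n", classify_credential(jks, sizeof jks));
    return 0;
}
```

The check only looks at magic bytes and headers; it does not validate the contents, so a file it labels PEM or DER can still fail to load.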