[omniORB] fixed SSLIOP Interoperability issues (from JacORB call omniORB)

Jiang Wei sdjiangwei at gmail.com
Tue May 19 10:56:31 BST 2009


SSL_CTX_set_session_id_context(3) says: "
WARNINGS
If the session id context is not set on an SSL/TLS server and client
certificates are used, stored sessions will not
be reused but a fatal error will be flagged and the handshake will fail.

If a server returns a different session id context to an OpenSSL client
when reusing a session, an error will be
flagged and the handshake will fail. OpenSSL servers will always return
the correct session id context, as an OpenSSL
server checks the session id context itself before reusing a session as
described above.
"
Index: sslContext.cc
===================================================================
RCS file:
/cvsroot/omniorb/omni/src/lib/omniORB/orbcore/ssl/Attic/sslContext.cc,v
retrieving revision 1.1.4.6
diff -u -b -r1.1.4.6 sslContext.cc
--- sslContext.cc 6 May 2009 16:14:51 -0000 1.1.4.6
+++ sslContext.cc 19 May 2009 01:56:29 -0000
@@ -158,6 +158,19 @@
OMNIORB_THROW(INITIALIZE,INITIALIZE_TransportError,
CORBA::COMPLETED_NO);
}
+
+ static const unsigned char session_id_context [] = "omniORB";
+ size_t session_id_len =
+ (sizeof session_id_context >= SSL_MAX_SSL_SESSION_ID_LENGTH)
+ ? SSL_MAX_SSL_SESSION_ID_LENGTH : sizeof session_id_context;
+
+ if (SSL_CTX_set_session_id_context(pd_ctx,
+ session_id_context, session_id_len) != 1) {
+ report_error();
+ OMNIORB_THROW(INITIALIZE,INITIALIZE_TransportError,
+ CORBA::COMPLETED_NO);
+ }
+
set_supported_versions();
seed_PRNG();
set_certificate();
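Review bot: the length passed to `SSL_CTX_set_session_id_context` comes from `sizeof session_id_context`, which for the string literal "omniORB" is 8 and so includes the terminating NUL in the context. If only the seven characters are meant, use `sizeof session_id_context - 1`. Because the array is a compile-time constant, the `>= SSL_MAX_SSL_SESSION_ID_LENGTH` clamp can never take its first branch; it could be dropped, or replaced by a compile-time check so that a later edit to the string fails the build instead of being silently truncated. The value is also the same for every process built from this code, so a short comment saying that the context only needs to be stable for the application and is not a secret would help the next reader. Finally, the call is made unconditionally in the shared init path, while the man page text quoted above describes the failure for servers that request client certificates; a one-line comment that setting it on a client-only context is harmless would make that intent explicit.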



