[omniORB] SSL and omniORB4 and JacORB

Brenneis, Steve steve.brenneis@attws.com
Wed, 9 Jan 2002 09:11:40 -0500 

David,

What version of JacORB is the Java side using? Prior to the current beta,
the supported SSL implementation was a commercial plugin that probably
wouldn't work with OpenSSL. I have gotten a client built with the current
JacORB beta to work with a VisiBroker server over SSL using the Sun JSSE
(which should work with Open SSL). Hope this helps.

Steve Brenneis
WebAXE Middleware Lead Developer
AT&T Wireless Services

> -----Original Message-----
> From: Duncan Grisby [mailto:dgrisby@uk.research.att.com]
> Sent: Wednesday, January 09, 2002 8:52 AM
> To: David Bellette
> Cc: OmniOrb Listserver
> Subject: Re: [omniORB] SSL and omniORB4 and JacORB 
> 
> 
> On Wednesday 9 January, "David Bellette" wrote:
> 
> > I have a omniORB4 snap shot from 20011213 built for SSL and 
> have built
> > it on a Win32 platform on WinNT4 SP6a. I'm using OpenSSL
> > 
> > I have a VC++ server and client sucessfully communicating, 
> using SSL.
> 
> Good.
> 
> > We also have a Java app built with Sun JDK 1.3 and JacORB - with a
> > client and server that communicate successfully using SSL.
> > 
> > Also, the Java client works with the VC++ server and the VC++ client
> > works with the Java server - but only using SSL.
> 
> I assume you mean "but only when _not_ using SSL".
> 
> [...]
> > The Java SSL implementation uses encrypted keys (not pem 
> files) and that
> > seems to be were the problem is. It has a keystore and a certificate
> > which are encrypted, and doesn't seem to want to accept the 
> pem files.
> > 
> > I've tried encrypting the openssl created keys, but I end up with a
> > certificate authority file, a certificate file and a key 
> file. omniORB
> > doesn't seem to be able to accept the files in any format other than
> > pem. Is this correct?
> 
> To be honest, I know very little about omniORB's SSL support at the
> moment. Sai-Lai (who has now left AT&T) wrote it. Of course, learning
> about it is on my list of things to do, but I haven't got around to it
> yet.
> 
> omniORB's certificate handling comes down to OpenSSL's
> SSL_CTX_use_certificate_file() function, documented here:
> 
>   http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html
> 
> If you look at src/lib/omniORB/orbcore/ssl/sslContext.cc, you'll see
> where it's used. If OpenSSL can deal with JacORB's key files at all,
> you should be able to modify / extend sslContext.cc to use the
> relevant functions. In theory, your application can create its own
> class derived from sslContext, and implement the additional
> functionality there, rather than having to modify omniORB itself. I'm
> not sure if that actually works, though.
> 
> If you are able to change Java ORB, another solution might be to use
> OpenORB. I know that Sai-Lai successfully had omniORB interoperating
> with that.
> 
> Sorry I can't be more help,
> 
> Duncan.
> 
> -- 
>  -- Duncan Grisby  \  Research Engineer  --
>   -- AT&T Laboratories Cambridge          --
>    -- http://www.uk.research.att.com/~dpg1 --
>