[omniORB] SSL and omniORB4 and JacORB

David Bellette david.bellette@nec.com.au
Thu, 10 Jan 2002 11:17:27 +1100


> On Wednesday 9 January, "David Bellette" wrote:
>
> > I have an omniORB4 snapshot from 20011213 built for SSL and have built
> > it on a Win32 platform on WinNT4 SP6a. I'm using OpenSSL
> >
> > I have a VC++ server and client successfully communicating, using SSL.
>
> Good.
>
> > We also have a Java app built with Sun JDK 1.3 and JacORB - with a
> > client and server that communicate successfully using SSL.
> >
> > Also, the Java client works with the VC++ server and the VC++ client
> > works with the Java server - but only using SSL.
>
> I assume you mean "but only when _not_ using SSL".

Umm, yes, I did - I really should get someone to check my emails for typos like that - sorry.

> [...]
> > The Java SSL implementation uses encrypted keys (not pem files) and that
> > seems to be where the problem is. It has a keystore and a certificate
> > which are encrypted, and doesn't seem to want to accept the pem files.
> >
> > I've tried encrypting the openssl created keys, but I end up with a
> > certificate authority file, a certificate file and a key file. omniORB
> > doesn't seem to be able to accept the files in any format other than
> > pem. Is this correct?
>
> To be honest, I know very little about omniORB's SSL support at the
> moment. Sai-Lai (who has now left AT&T) wrote it. Of course, learning
> about it is on my list of things to do, but I haven't got around to it
> yet.
>
> omniORB's certificate handling comes down to OpenSSL's
> SSL_CTX_use_certificate_file() function, documented here:
>
>   http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html
>
> If you look at src/lib/omniORB/orbcore/ssl/sslContext.cc, you'll see
> where it's used. If OpenSSL can deal with JacORB's key files at all,
> you should be able to modify / extend sslContext.cc to use the
> relevant functions. In theory, your application can create its own
> class derived from sslContext, and implement the additional
> functionality there, rather than having to modify omniORB itself. I'm
> not sure if that actually works, though.

That sounds like the hard way. Should it all be this hard? Being new to SSL, I'm not really sure, but having looked at some other code that has implemented SSL, it's only a few lines of code.
I'll keep that in mind if we don't get anywhere with the current testing.
The problem, to me, seems to be with the JacORB implementation not supporting the file formats/implementation used in omniORB.

> If you are able to change Java ORB, another solution might be to use
> OpenORB. I know that Sai-Lai successfully had omniORB interoperating
> with that.

That might be a good option, if I can convince my colleague to test yet another ORB. :-)
I've mentioned it to him but he wants to keep testing this as we seem closer now - just the omniORB client to Java server
connection to get working...
Do you know if OpenORB is free? They have a commercial version available - does this mean I have to use that for commercial
applications, or only if I want commercial support?

> Sorry I can't be more help,

That's OK, what can I expect for free huh?  :-)
Thanks for your help.

David
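
The thread turns on which on-disk format each side's key material is in: PEM files on the omniORB/OpenSSL side, a Java keystore on the JacORB side. The following is an added example, not part of the original message and not omniORB or JacORB code: a Python check that reports what container format a key or certificate file actually is before it is handed to either ORB. The names `classify`, `MAGIC` and the sample byte strings are constructed for illustration.

```python
import re

# Matches one PEM block and captures its label and body.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Leading magic numbers of the two Java keystore formats.
MAGIC = {b"\xfe\xed\xfe\xed": "JKS keystore", b"\xce\xce\xce\xce": "JCEKS keystore"}

def _after_der_header(data):
    """Return the bytes after an outer DER SEQUENCE header, or None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    if data[1] < 0x80:                      # short-form length
        return data[2:]
    n = data[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return data[2 + n:]

def classify(data):
    """Describe the container format(s) found in a key/certificate file."""
    blocks = PEM_RE.findall(data)
    if blocks:
        found = []
        for label, body in blocks:
            # Legacy OpenSSL keys mark encryption in a header; PKCS#8 in the label.
            locked = label == b"ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body
            found.append("PEM " + label.decode() + (" (encrypted)" if locked else ""))
        return found
    if data[:4] in MAGIC:
        return [MAGIC[data[:4]]]
    inner = _after_der_header(data)
    if inner is None:
        return ["unknown"]
    if inner[:3] == b"\x02\x01\x03":         # PFX version INTEGER 3
        return ["PKCS#12 (DER)"]
    if inner[:1] == b"\x30":
        return ["DER, possibly an X.509 certificate"]
    return ["DER, unrecognised structure"]

# Constructed samples: placeholder bodies, not real keys or certificates.
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
              b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              b"DEK-Info: DES-EDE3-CBC,0000000000000000\n\nQ09OU1RSVUNURUQ=\n"
              b"-----END RSA PRIVATE KEY-----\n")
SAMPLE_JKS = b"\xfe\xed\xfe\xed\x00\x00\x00\x02"
SAMPLE_P12 = b"\x30\x82\x01\x00\x02\x01\x03\x30"

if __name__ == "__main__":
    for name, blob in [("pem", SAMPLE_PEM), ("jks", SAMPLE_JKS), ("p12", SAMPLE_P12)]:
        print(name, classify(blob))
```

To check a real file, pass its contents as bytes: `classify(open(path, "rb").read())`.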