[omniORB] Fallback from SSL to TCP on CA failure?

[Peter Klotz]

Hello Duncan

> Now I look at your trace, I realise that I wasn't correct in saying that
> the fallback to a second address is automatic. When opening a connection
> fails, the rope is switched to the next address in the available
> addresses, but the connection attempt is not automatically retried. If
> you try the call again, it will try the second address. That's why you
> see that when you try two calls to a particular server, the second one
> succeeds after the first has failed.

Thanks a lot for this explanation. Now my test results finally make sense.


> It's possible to register a TRANSIENT exception handler that
> automatically retries in these situations. That's why I told you the
> wrong thing before -- the system I spend most of my time using does have
> such a handler, and I forgot that the standard one doesn't retry.


Actually I do not want a retry in my situation. I would like to force my 
clients to use SSL although the servers have to support a plain TCP 
listen port for backward compatibility with legacy non SSL clients.

Currently I am forced to also allow TCP for my clients since they 
contact omniNames without encryption.

I tried running omniNames with an SSL endpoint but got this error:

omniORB: ORB_init failed: unknown option (-ORBsslCAFile) in -ORB arguments
Failed to initialise the ORB / POA: INITIALIZE_InvalidORBInitArgs
Is omniNames already running?


In an SSL build of omniORB omniNames does not depend on libomnisslTP4.so.

Is it possible to encrypt the Naming Service communication?

Regards, Peter.