[omniORB] Interoperability of omniORBpy and MICO with SSL
Rob Ratcliff
rrr6399 at futuretek.com
Fri Nov 13 22:28:28 UTC 2020
Hi,
I have a MICO service that is configured to use SSL using these settings
-ORBCSIv2
-ORBCSIv2Realm @mydomain.com
-ORBIIOPAddr ssl:inet:0.0.0.0:0
-ORBGSSServerUser user1,user1 -ORBGSSClientUser user1,user1
-ORBSSLverify 1 -ORBSSLcert /home/user1/certs/user1_cert.pem
-ORBSSLkey /home/user1/certs/user1_key.pem
-ORBSSLCAfile /home/user1/certs/user1_ca_cert.pem
I have a service registered in the MICO naming service and would like to
use OmniORBpy to access it. I am able to get a reference to the custom
ssl service through by looking it up in the naming service, but the
connection fails to the service.
I used the following parameters in my omniorb.cfg file:
# sslAcceptTimeOut
#sslCAPath = /home/user1/certs
sslCAFile = /home/user1/certs/user1_ca_cert.pem
# sslCipherList
sslKeyFile = /home/user1/certs/user1/user1_key_cert.pem
sslKeyPassword = mypassword
sslVerifyMode = peer,fail
sslVerifyModeIncoming = peer,fail
I turned on debugging, but I noticed that OmniORB never seemed to be
trying to use SSL. I only saw addresses with tcp in them. (I
prioritized my connection protocols as ssl, tcp, unix in the omniorb.cfg
file.)
Other than compiling OmniORB and OmniORBpy with openssl enabled, is
there anything else that needs to be done to enable ssl communication in
OmniORBpy when access the service through an IOR or naming service
lookup? Do I need to explicitly need to specify a sslCipherList?
Has anybody demonstrated interoperability with MICO and OmniORB's using
SSL communication?
Thanks,
Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.omniorb-support.com/pipermail/omniorb-list/attachments/20201113/e03d70a0/attachment.html>
More information about the omniORB-list
mailing list