[omniORB] Callbacks in an CORBA-SSL-only environment

Daniel Krügler daniel.kruegler at gmail.com
Mon May 11 09:09:55 UTC 2026 

Hi,

We are currently moving our CORBA server (Based on JacORB) towards an
SSL-only configuration, i.e. we deactivate the regular CORBA port
completely and allow only CORBA SSL (via ssliop). Our clients are based on
OmniORB and we currently try to find an OmniORB configuration that works
both for a CORBA server which supports (a) both plain CORBA and CORBA SSL
and (b) only CORBA-SSL [To clarify: The expectation is, that the client is
connecting via CORBA SSL, but should not know whether the server accepts
either both CORBA SSL and plain CORBA or only CORBA SSL].

During my experiments I stumbled across the following issue when CORBA
callbacks are involved (That is: The OmniORB client registers a callback on
the  JacORB  server).

Originally I had the following set in the OmniORB configuration:

clientTransportRule =     *   ssl,unix,tcp,bidir

serverTransportRule =    *     ssl,unix,tcp,bidir

endPoint = giop:ssl::
               = giop:tcp::

(A) My expectation was that under these client settings of  endPoint
giop:ssl::would be still preferred regardless of the server constraints,
but that doesn't seem to hold. If the server is configured SSL-only, the
client callback waits endlessly and is not called (without producing a
CORBA connection error visible in the omniORB log file even under
traceLevel=40. I found that it is required to set

endPoint = giop:ssl::

to ensure that a client callback is called regardless whether the server is
configured SSL-only or not. Is this behaviour expected and my chosen
configuration the right one? What is the reason for this?

(B) Then I tested the same scenario using unidirectional connection instead
of bidirectional configuration (The POA construction was correspondingly
adjusted programmatically), i.e.

clientTransportRule =     *   ssl,unix,tcp

serverTransportRule =    *     ssl,unix,tcp

endPoint = giop:ssl::

Under these conditions the client callback never becomes called when being
connected to a server configured as SSL-only. I'm wondering now, what kind
of OmniORB setting is required to make callbacks work under such
unidirectional conditions?

Thanks for any hint,

- Daniel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.omniorb-support.com/pipermail/omniorb-list/attachments/20260511/9257fad8/attachment.htm>

More information about the omniORB-list mailing list