<div dir="ltr"><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">Am Mo., 11. Mai 2026 um 11:09 Uhr schrieb Daniel Krügler <<a href="mailto:daniel.kruegler@gmail.com">daniel.kruegler@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hi,</div><div><br></div><div>We are currently moving our CORBA server (Based on JacORB) towards an SSL-only configuration, i.e. we deactivate the regular CORBA port completely and allow only CORBA SSL (via ssliop). Our clients are based on OmniORB and we currently try to find an OmniORB configuration that works both for a CORBA server which supports (a) both plain CORBA and CORBA SSL and (b) only CORBA-SSL [To clarify: The expectation is, that the client is connecting via CORBA SSL, but should not know whether the server accepts either both CORBA SSL and plain CORBA or only CORBA SSL].</div><div><br></div><div>During my experiments I stumbled across the following issue when CORBA callbacks are involved (That is: The OmniORB client registers a callback on the
JacORB server).</div><div><br></div><div>Originally I had the following set in the OmniORB configuration:</div><div><br></div><div>clientTransportRule = * ssl,unix,tcp,bidir</div><div><br></div><div>serverTransportRule = * ssl,unix,tcp,bidir</div><div><br></div><div>endPoint = giop:ssl::<br> = giop:tcp::</div><div><br></div><div>(A) My expectation was that under these client settings of
endPoint giop:ssl::would be still preferred regardless of the server constraints, but that doesn't seem to hold. If the server is configured SSL-only, the client callback waits endlessly and is not called (without producing a CORBA connection error visible in the omniORB log file even under traceLevel=40. I found that it is required to set</div><div><br></div><div>
<div></div><div>endPoint = giop:ssl::</div><div><br></div><div>to ensure that a client callback is called regardless whether the server is configured SSL-only or not. Is this behaviour expected and my chosen configuration the right one? What is the reason for this? </div><div><br></div><div>(B) Then I tested the same scenario using unidirectional connection instead of bidirectional configuration (The POA construction was correspondingly adjusted programmatically), i.e.</div><br></div><div>
<div></div><div>clientTransportRule = * ssl,unix,tcp</div><div><br></div><div>serverTransportRule = * ssl,unix,tcp</div><div><br></div><div>endPoint = giop:ssl::</div><div><br></div><div>Under these conditions the client callback never becomes called when being connected to a server configured as SSL-only. I'm wondering now, what kind of OmniORB setting is required to make callbacks work under such unidirectional conditions?</div><div><br></div><div>Thanks for any hint,</div><div><br></div><div>- Daniel</div></div></div></blockquote><div><br></div><div>We have now understood the problems that I reported above: They have been causes by a misconfigured JacORB server. For those experiencing similar problems: In this server the default configuration of the following properties was:</div><div><br>
<span><code class="gmail-_ca0qyh40 gmail-_u5f3m5ip gmail-_n3tdyh40 gmail-_19bvm5ip gmail-_2rkofajl gmail-_11c819w5 gmail-_1reo1wug gmail-_18m91wug gmail-_1dqoglyw gmail-_1e0c1nu9 gmail-_bfhk187e gmail-_16d9qvcn gmail-_syazi7uo gmail-_vwz41kw7 gmail-_1i4q1hna gmail-_o5721jtm">jacorb.security.ssl.client.supported_options=0</code><br><code class="gmail-_ca0qyh40 gmail-_u5f3m5ip gmail-_n3tdyh40 gmail-_19bvm5ip gmail-_2rkofajl gmail-_11c819w5 gmail-_1reo1wug gmail-_18m91wug gmail-_1dqoglyw gmail-_1e0c1nu9 gmail-_bfhk187e gmail-_16d9qvcn gmail-_syazi7uo gmail-_vwz41kw7 gmail-_1i4q1hna gmail-_o5721jtm">jacorb.security.ssl.client.required_options=0</code><br><code class="gmail-_ca0qyh40 gmail-_u5f3m5ip gmail-_n3tdyh40 gmail-_19bvm5ip gmail-_2rkofajl gmail-_11c819w5 gmail-_1reo1wug gmail-_18m91wug gmail-_1dqoglyw gmail-_1e0c1nu9 gmail-_bfhk187e gmail-_16d9qvcn gmail-_syazi7uo gmail-_vwz41kw7 gmail-_1i4q1hna gmail-_o5721jtm">jacorb.security.ssl.server.supported_options=0</code><br><code class="gmail-_ca0qyh40 gmail-_u5f3m5ip gmail-_n3tdyh40 gmail-_19bvm5ip gmail-_2rkofajl gmail-_11c819w5 gmail-_1reo1wug gmail-_18m91wug gmail-_1dqoglyw gmail-_1e0c1nu9 gmail-_bfhk187e gmail-_16d9qvcn gmail-_syazi7uo gmail-_vwz41kw7 gmail-_1i4q1hna gmail-_o5721jtm">jacorb.security.ssl.server.required_options=0</code></span>
</div><div><br></div><div>This alone is not the actual problem, because we overwrote these values programmatically to the value 20 for each, but only partially! By making these changes complete no changes in the omniORB setting where needed at all, we could stay with</div><div><br></div><div>
endPoint = giop:ssl::<br> = giop:tcp::</div><div><br></div><div>Regards,</div><div><br></div><div>- Daniel</div></div></div>