[jacorb-developer] Help required with SSL
Christian Kerth
christian.kerth at iosb.fraunhofer.de
Mon Mar 25 17:36:08 CET 2013
Hello,
I checked how it is done in our code and we have some additional
parameters set. Pieces that seem different from your solution are marked
in bold:
    // pps and config are defined elsewhere in the application (not shown in the mail).
    // Lines tagged "bold" were emphasized in the original mail.
    pps.put("jacorb.ssl.socket_factory",
            "org.jacorb.security.ssl.sun_jsse.SSLSocketFactory");
    pps.put("jacorb.ssl.server_socket_factory",
            "org.jacorb.security.ssl.sun_jsse.SSLServerSocketFactory");
    pps.put("jacorb.security.keystore",
            config.getString("SSL.keyStore.filename"));
    pps.put("jacorb.security.keystore_user",                          // bold
            config.getString("SSL.keyStore.alias"));
    pps.put("jacorb.security.keystore_password",                      // bold
            config.getString("SSL.keyStore.password"));
    pps.put("jacorb.security.truststore",                             // bold
            config.getString("SSL.trustStore.filename"));
    pps.put("jacorb.security.jsse.trustees_from_ks", "on");
    pps.put("jacorb.security.truststore_user",                        // bold
            config.getString("SSL.trustStore.alias"));
    pps.put("jacorb.security.truststore_password",                    // bold
            config.getString("SSL.trustStore.password"));
    pps.put("jacorb.security.support_ssl", "on");
    pps.put("jacorb.security.ssl.client.supported_options", "20");    // value bold
    pps.put("jacorb.security.ssl.client.required_options", "20");     // value bold
    pps.put("jacorb.security.ssl.server.supported_options", "20");    // value bold
    pps.put("jacorb.security.ssl.server.required_options", "20");     // value bold
    pps.put("org.omg.CORBA.ORBClass", "org.jacorb.orb.ORB");
    pps.put("org.omg.CORBA.ORBSingletonClass",
            "org.jacorb.orb.ORBSingleton");
We use different Java key stores for truststore and keystore. Also,
filling these key stores is really annoying and tricky in some parts, so
you might want to check the contents of them as well. Hope this helps.
On 25.03.2013 12:30, Darryl wrote:
> Hi,
>
> I have been unable to resolve the SSL problems with my existing application so
> I thought I would test against a simpler application first.
>
> I have taken the redir demo that is supplied with the JacORB 3.2 source and
> added the following properties to enable SSL. (Note that these properties and
> the keystore files were taken from the SSL demo application.)
>
> org.omg.CORBA.ORBClass=org.jacorb.orb.ORB
> org.omg.CORBA.ORBSingletonClass=org.jacorb.orb.ORBSingleton
> org.omg.PortableInterceptor.ORBInitializerClass.bidir_init=org.jacorb.orb.giop.BiDirConnectionInitializer
>
> jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory
> jacorb.ssl.server_socket_factory=org.jacorb.security.ssl.sun_jsse.SSLServerSocketFactory
> jacorb.security.support_ssl=on
>
> (Server Only)
> jacorb.security.ssl.server.supported_options=60
> jacorb.security.ssl.server.required_options=60
> jacorb.security.keystore=resources\\jsse_server_ks
> jacorb.security.keystore_password=jsse_server_ks_pass
> jacorb.security.jsse.trustees_from_ks=on // Read trusted certificates from the keystore
>
> (Client Only)
> jacorb.security.ssl.client.supported_options=60
> jacorb.security.ssl.client.required_options=60
> jacorb.security.keystore=resources\\jsse_client_ks
> jacorb.security.keystore_password=jsse_client_ks_pass
> jacorb.security.jsse.trustees_from_ks=on // Read trusted certificates from the keystore
>
> The bidir application runs ok without these properties (i.e. no SSL) but when
> they are added the following exception is seen on the client
>
> org.omg.CORBA.COMM_FAILURE: IOException: javax.net.ssl.SSLException: error while writing to socket vmcid: 0x0 minor code: 0 completed: No
>     at org.jacorb.orb.etf.ConnectionBase.to_COMM_FAILURE(ConnectionBase.java:151)
>     at org.jacorb.orb.iiop.IIOPConnection.handleCommFailure(IIOPConnection.java:78)
>     at org.jacorb.orb.etf.StreamConnectionBase.flush(StreamConnectionBase.java:227)
>     at org.jacorb.orb.giop.GIOPConnection.sendMessage(GIOPConnection.java:1061)
>     at org.jacorb.orb.giop.GIOPConnection.sendRequest(GIOPConnection.java:987)
>     at org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:308)
>     at org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:289)
>     at org.jacorb.orb.Delegate._invoke_internal(Delegate.java:1335)
>     at org.jacorb.orb.Delegate.invoke_internal(Delegate.java:1160)
>     at org.jacorb.orb.Delegate.invoke(Delegate.java:1148)
>     at org.omg.CORBA.portable.ObjectImpl._invoke(ObjectImpl.java:475)
>     at demo.idl._ServerStub.register_callback(_ServerStub.java:120)
>     at demo.bidir.Client.main(Client.java:85)
>
> This error can be eliminated if I use the following properties
>
> jacorb.security.ssl.server.required_options=0
> jacorb.security.ssl.client.required_options=0
>
> but this means that non-encrypted communication is allowed, which I don't want.
>
> Any help would be much appreciated.
>
> _______________________________________________
> jacorb-developer maillist - jacorb-developer at lists.spline.inf.fu-berlin.de
> https://lists.spline.inf.fu-berlin.de/mailman/listinfo/jacorb-developer
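
A small lint for the properties discussed in this thread, added here as an example (not code from either poster or from JacORB). It assumes JacORB's documented reading of the `*_options` values as hex bit masks (20 = EstablishTrustInTarget, 40 = EstablishTrustInClient); the class name `JacorbSslLint` and the sample property text are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.*;

// Added example; JacorbSslLint is a hypothetical helper, not part of JacORB.
public class JacorbSslLint {
    // Assumption: *_options values are hex bit masks written without "0x".
    static final int TRUST_IN_TARGET = 0x20, TRUST_IN_CLIENT = 0x40;

    static int mask(Properties p, String key) {
        return Integer.parseInt(p.getProperty(key, "0").trim(), 16);
    }
    static boolean on(Properties p, String key) {
        return "on".equals(p.getProperty(key));
    }

    /** side is "client" or "server"; returns one finding per problem. */
    static List<String> lint(Properties p, String side) {
        List<String> out = new ArrayList<>();
        String pre = "jacorb.security.ssl." + side + ".";
        int sup = mask(p, pre + "supported_options");
        int req = mask(p, pre + "required_options");
        // The bit that makes this side verify its peer's certificate.
        int peerAuth = side.equals("client") ? TRUST_IN_TARGET : TRUST_IN_CLIENT;
        if (!on(p, "jacorb.security.support_ssl"))
            out.add("jacorb.security.support_ssl is not exactly 'on'");
        if (req == 0)
            out.add(side + ": required_options=0, unencrypted connections are accepted");
        if ((req & ~sup) != 0)
            out.add(side + ": required bits 0x" + Integer.toHexString(req & ~sup)
                    + " are not in supported_options");
        if (p.getProperty("jacorb.security.keystore") != null
                && p.getProperty("jacorb.security.keystore_password") == null)
            out.add(side + ": keystore configured without keystore_password");
        if ((req & peerAuth) != 0 && p.getProperty("jacorb.security.truststore") == null
                && !on(p, "jacorb.security.jsse.trustees_from_ks"))
            out.add(side + ": peer must be verified but no truststore or trustees_from_ks=on");
        return out;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: server settings with the relaxed required_options=0.
        Properties p = new Properties();
        p.load(new StringReader("jacorb.security.support_ssl=on\n"
                + "jacorb.security.ssl.server.supported_options=60\n"
                + "jacorb.security.ssl.server.required_options=0\n"
                + "jacorb.security.keystore=resources/jsse_server_ks\n"));
        lint(p, "server").forEach(System.out::println);
    }
}
```

Running the lint once per side before starting the ORB catches a relaxed `required_options=0` left over from debugging.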