JacORB SSL woes
Andrea Venturoli
I'm writing a client-server application using C++ w. omniORB on the
server and JacORB on the client side.
Everything works fine as long as I don't use SSL, but I can't get the
latter to work.
Here's my code fragment:
System.setProperty("jacorb.security.support_ssl","on");
System.setProperty("jacorb.ssl.server_socket_factory","orb.jacorb.security.ssl.sun_jsse.SSLServerSocketFactory");
System.setProperty("jacorb.ssl.socket_factory","orb.jacorb.security.ssl.sun_jsse.SSLSocketFactory");
System.setProperty("jacorb.security.keystore","/fullpath/keystore.jks");
System.setProperty("jacorb.security.keystore_password","keystorepass");
System.setProperty("jacorb.security.jsse.trustees_from_ks","true");
System.setProperty("jacorb.security.jsse.log.verbosity","4"); // *a)
System.setProperty("jacorb.security.ssl.client.required_options","60");
// *b)
System.setProperty("jacorb.security.ssl.client.supported_options","60");
// *b)
String args[]={"-ORBInitialPort","2809","-ORBInitialHost","127.0.0.1"};
java.util.Properties props=new java.util.Properties();
props.put("ORBInitRef.NameService","corbaloc:iiop:server_hostname:2809/NameService");
props.put("org.omg.CORBA.ORBClass","org.jacorb.orb.ORB");
props.put("org.omg.CORBA.ORBSingletonClass","org.jacorb.orb.ORBSingleton");
props.put("org.omg.PortableInterceptor.ORBInitializerClass.bidir_init","org.jacorb.orb.giop.BiDirConnectionInitializer");
//*c)
Orb=org.omg.CORBA.ORB.init(args,props);
org.omg.CosNaming.NamingContextExt
ncRef=org.omg.CosNaming.NamingContextExtHelper.narrow(Orb.resolve_initial_references("NameService"));
ServeClass
Server=ServerClassHelper.narrow(ncRef.resolve_str("My.MyContext/ServerClass.Object"));
System.out.println("Obtained a handle on server object: "+Server); // *d)
System.out.println("Server version is "+Server.GetVersion()); // *e)
*a) with or without this line I get almost no output.
I tried with and without *b); nothing changes.
*c): Notice I'm using bidirectional IIOP.
*d) effectively prints an IOR (see below), so connecting to the
nameservice works.
*e) is what generates an exception:
ERROR: org.omg.CORBA.TRANSIENT: Retries exceeded, couldn't reconnect to null
org.omg.CORBA.TRANSIENT: Retries exceeded, couldn't reconnect to null
dior on the above IOR displays:
------IOR components-----
TypeId : IDL:My/ServerClass:1.0
TAG_INTERNET_IOP Profiles:
Profile Id: 0
IIOP Version: 1.2
Host: localhost
Port: 0
Object key (URL): ...
Object key (hex): ...
-- Found 3 Tagged Components--
#0: TAG_ORB_TYPE
Type: 1096045568 (Foreign)
#1: TAG_CODE_SETS
ForChar native code set Id: ISO8859_1
Char Conversion Code Sets: UTF8
ForWChar native code set Id: UTF16
WChar Conversion Code Sets: UTF16
#2: TAG_SSL_SEC_TRANS
target_supports : Integrity, Confidentiality,
EstablishTrustInTarget, EstablishTrustInClient
target_requires : Integrity, Confidentiality,
EstablishTrustInTarget, EstablishTrustInClient
SSL Port : 60606
I'm using JDK 1.5 or 1.6 and I've tried everything I could think of, but
I can't seem to get through. Any hint?
Even getting some more debug output would help, since "reconnect to
null" is the only useful thing I see.
bye & Thanks
av.
ap...@student.open.ac.uk
> I'm writing a client-server application using C++ w. omniORB on the
> server and JacORB on the client side.
> Everything works fine as long as I don't use SSL, but I can't get the
> latter to work.
> I'm using JDK 1.5 or 1.6 and I've tried everything I could think of, but
> I can't seem to get through. Any hint?
I'm sorry I can't help you, my reply is to do with jacORB support. I
seem to remember something was posted about this on the jacORB
mailing list. I do not recall seeing any response. The bug number is
799, see http://www.jacorb.org/cgi-bin/bugzilla/show_bug.cgi?id=799.
You might want to look at that to see if you can add any useful info
to the ticket. It has been assigned to someone in PrismTech.
Regards,
Andrew Marlow
Andrea Venturoli
> I'm sorry I can't help you
Well, thanks anyway.
> my reply is to do with jacORB support.
Unfortunately I had already written on their mailing list, but received
no answer.
> I
> seem to remember something was posted about this on the jacORB
> mailing list. I do not recall seeing any response.
In fact I had checked it too, found some questions, but no answer.
> The bug number is
> 799, see http://www.jacorb.org/cgi-bin/bugzilla/show_bug.cgi?id=799.
> You might want to look at that to see if you can add any useful info
> to the ticket. It has been assigned to someone in PrismTech.
I had a look at this page, but, although similar, this doesn't seem to
be the same problem I'm experiencing.
He says he is trying to connect to a nameserver via SSL and that fails.
I'm connecting to the nameserver in plain; the nameserver returns an IOR
pointing to an object through SSL, but then JacORB can't seem to reach that.
bye & Thanks
av.
ap...@student.open.ac.uk
> ap...@student.open.ac.uk ha scritto:
> > The bug number is
> > 799, seehttp://www.jacorb.org/cgi-bin/bugzilla/show_bug.cgi?id=799.
> > You might want to look at that to see if you can add any useful info
> > to the ticket. It has been assigned to someone in PrismTech.
>
> I had a look at this page, but, although similar, this doesn't seem to
> be the same problem I'm experiencing.
I would file a bugzilla report if I were you.
I don't know if you are in a position to pay for commercial support
but if you are I suggest you contact OCI to see what sort of support
they offer for JacORB. I have dealt with OCI before for a proprietary
project that uses ACE and TAO and they were (IMO) very good. They
support jacORB as well as TAO. Alternatively you could contact
PrismTech who are quite active in this area.
-Andrew Marlow