[tao-users] CORBA SSLIOP client with multiple SSL-certificates
bneuhofer at EUROFUNK.COM
Thu Jun 9 00:53:13 CDT 2016
TAO VERSION: 2.3.4
ACE VERSION: 6.3.4
HOST MACHINE and OPERATING SYSTEM:
Suse Enterprise Linux 11 SP3
COMPILER NAME AND VERSION (AND PATCHLEVEL):
gcc (SUSE Linux) 4.7.2 20130108 [gcc-4_7-branch revision 195014]
DOES THE PROBLEM AFFECT:
A multithreaded client which connects to multiple CORBA-Servers simultaneously via SSLIOP. Each Server has the same CORBA-Interface but a different set of SSL-Keys.
I'm trying to write a client with the ACE+TAO framework which connects to multiple CORBA-Servers simultaneously (Separate ORB for each connection). Each Server has the same CORBA-Interface but a different set of SSL-Keys.
So each client has to use different SSL-Keys to be able to connect to the server.
I've got multiple client configs:
dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "-SSLAuthenticate SERVER_AND_CLIENT -SSLPrivateKey 'PEM:client3-key.pem' -SSLCertificate 'PEM:client3-client-cert.pem' -SSLCAFile 'PEM:client3-cacert.pem'"
dynamic Advanced_Resource_Factory Service_Object* TAO_Strategies:_make_TAO_Advanced_Resource_Factory() "-ORBProtocolFactory SSLIOP_Factory"
static Client_Strategy_Factory "-ORBConnectStrategy blocked"
When I initialize the first ORB then I can see that the SSLIOP Protocol is loaded and the keys for the first client are also loaded. The connection to the first server then works as intended.
But when I try to initialize a connection to the second Server (which uses different SSL-Keys) I can see that when the new ORB is initialized the SSLIOP Protocol is not initialized and still uses the SSL-Keys from the first server. As a consequence the connection to the second server fails.
CORBA::Object_var object = m_orb->string_to_object(m_ior_file.c_str());
fails with CORBA::TRANSIENT because the Keys do not match the server.
I tried passing "-ORBGestalt" "Local" and "-ORBCollocation" "no" to CORBA::ORB_init(), but without any success still the SSLIOP Protocol is only being configured the first time.
Is there any way to specify different SSL-Keys for different IORs or to reconfigure the SSLIOP Protocol for each ORB?
Any hint or keyword for a search is highly appreciated. Thank you!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tao-users