[tao-users] CORBA SSLIOP client with multiple SSL-certificates

NEUHOFER Bernhard bneuhofer at EUROFUNK.COM
Thu Jun 9 00:53:13 CDT 2016


Hi,

TAO VERSION: 2.3.4
ACE VERSION: 6.3.4

HOST MACHINE and OPERATING SYSTEM:
SUSE Enterprise Linux 11 SP3


COMPILER NAME AND VERSION (AND PATCHLEVEL):
gcc (SUSE Linux) 4.7.2 20130108 [gcc-4_7-branch revision 195014]

DOES THE PROBLEM AFFECT:
    COMPILATION? No
    LINKING? No
    EXECUTION? Yes

SYNOPSIS:
A multithreaded client which connects to multiple CORBA-Servers simultaneously via SSLIOP. Each Server has the same CORBA-Interface but a different set of SSL-Keys.

DESCRIPTION:

I'm trying to write a client with the ACE+TAO framework which connects to multiple CORBA-Servers simultaneously (Separate ORB for each connection). Each Server has the same CORBA-Interface but a different set of SSL-Keys.

So each client has to use different SSL-Keys to be able to connect to the server.

I've got multiple client configs:

dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "-SSLAuthenticate SERVER_AND_CLIENT -SSLPrivateKey 'PEM:client3-key.pem' -SSLCertificate 'PEM:client3-client-cert.pem' -SSLCAFile 'PEM:client3-cacert.pem'"
dynamic Advanced_Resource_Factory Service_Object* TAO_Strategies:_make_TAO_Advanced_Resource_Factory() "-ORBProtocolFactory SSLIOP_Factory"

static Client_Strategy_Factory "-ORBConnectStrategy blocked"

When I initialize the first ORB then I can see that the SSLIOP Protocol is loaded and the keys for the first client are also loaded. The connection to the first server then works as intended.

But when I try to initialize a connection to the second Server (which uses different SSL-Keys) I can see that when the new ORB is initialized the SSLIOP Protocol is not initialized and still uses the SSL-Keys from the first server. As a consequence the connection to the second server fails.

CORBA::Object_var object = m_orb->string_to_object(m_ior_file.c_str());

fails with CORBA::TRANSIENT because the Keys do not match the server.

I tried passing "-ORBGestalt" "Local" and "-ORBCollocation" "no" to CORBA::ORB_init(), but without any success: the SSLIOP Protocol is still only being configured the first time.



Is there any way to specify different SSL-Keys for different IORs or to reconfigure the SSLIOP Protocol for each ORB?

Any hint or keyword for a search is highly appreciated. Thank you!

Best regards,
Bernhard Neuhofer
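
Added example, not part of the original message and not TAO code: a pre-flight check that parses the SSLIOP_Factory directive from each per-server svc.conf and reports any key, certificate or CA file that two configs share, which rules out a config mix-up before ORB initialisation is investigated. It assumes every server has its own key, certificate and CA file, as described in the post; the file names client3.conf and client4.conf and the second config are constructed.

```python
import re
import shlex

# Option string of a 'dynamic SSLIOP_Factory ... "<options>"' svc.conf directive.
DIRECTIVE = re.compile(r'^\s*dynamic\s+SSLIOP_Factory\b.*?"(?P<opts>.*)"\s*$', re.M)
IDENTITY_FLAGS = ("-SSLPrivateKey", "-SSLCertificate", "-SSLCAFile")

def ssliop_options(svc_conf_text):
    """Return {flag: value} for the SSLIOP_Factory directive in one svc.conf."""
    match = DIRECTIVE.search(svc_conf_text)
    if match is None:
        raise ValueError("no SSLIOP_Factory directive found")
    tokens = shlex.split(match.group("opts"))  # strips the quotes around 'PEM:...'
    if len(tokens) % 2:
        raise ValueError("option without a value: %r" % tokens)
    return dict(zip(tokens[0::2], tokens[1::2]))

def lint(configs):
    """configs maps a config name to its svc.conf text; returns a list of findings."""
    findings, seen = [], {}
    for name, text in configs.items():
        opts = ssliop_options(text)
        if opts.get("-SSLAuthenticate") != "SERVER_AND_CLIENT":
            findings.append(f"{name}: -SSLAuthenticate is not SERVER_AND_CLIENT")
        for flag in IDENTITY_FLAGS:
            value = opts.get(flag)
            if value is None:
                findings.append(f"{name}: {flag} missing")
            elif (flag, value) in seen:
                findings.append(f"{name}: {flag} {value} also used by {seen[(flag, value)]}")
            else:
                seen[(flag, value)] = name
    return findings

# The client config quoted in the post.
CLIENT3 = '''dynamic SSLIOP_Factory Service_Object * TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "-SSLAuthenticate SERVER_AND_CLIENT -SSLPrivateKey 'PEM:client3-key.pem' -SSLCertificate 'PEM:client3-client-cert.pem' -SSLCAFile 'PEM:client3-cacert.pem'"
dynamic Advanced_Resource_Factory Service_Object* TAO_Strategies:_make_TAO_Advanced_Resource_Factory() "-ORBProtocolFactory SSLIOP_Factory"
static Client_Strategy_Factory "-ORBConnectStrategy blocked"
'''
# Constructed: a second config where -SSLCertificate was left pointing at client3.
CLIENT4 = CLIENT3.replace("client3-key", "client4-key").replace("client3-cacert", "client4-cacert")

if __name__ == "__main__":
    for finding in lint({"client3.conf": CLIENT3, "client4.conf": CLIENT4}):
        print(finding)
```

An empty result means the configs really do name distinct key material, so a failure on the second connection is not explained by the files themselves.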

