Posted to dev@geronimo.apache.org by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org> on 2006/05/10 04:55:04 UTC

[jira] Created: (GERONIMO-2002) OpenEJB CORBA SSL should use Keystore GBean

OpenEJB CORBA SSL should use Keystore GBean
-------------------------------------------

         Key: GERONIMO-2002
         URL: http://issues.apache.org/jira/browse/GERONIMO-2002
     Project: Geronimo
        Type: Improvement
    Security: public (Regular issues) 
  Components: security, CORBA  
    Versions: 1.1    
    Reporter: Aaron Mulder
     Fix For: 1.1


OpenEJB initializes CORBA using a plain SSL socket factory and therefore only sees SSL keystore/trust store settings configured as system properties.  We should change this to use the KeystoreManager API instead.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


[jira] Assigned: (GERONIMO-2002) OpenEJB CORBA SSL should use Keystore GBean

Posted by "Rick McGuire (JIRA)" <de...@geronimo.apache.org>.
     [ http://issues.apache.org/jira/browse/GERONIMO-2002?page=all ]

Rick McGuire reassigned GERONIMO-2002:
--------------------------------------

    Assign To: Rick McGuire

> OpenEJB CORBA SSL should use Keystore GBean
> -------------------------------------------
>
>          Key: GERONIMO-2002
>          URL: http://issues.apache.org/jira/browse/GERONIMO-2002
>      Project: Geronimo
>         Type: Improvement
>     Security: public(Regular issues) 
>   Components: security, CORBA
>     Versions: 1.1
>     Reporter: Aaron Mulder
>     Assignee: Rick McGuire
>      Fix For: 1.2

>
> OpenEJB initializes CORBA using a plain SSL socket factory and therefore only sees SSL keystore/trust store settings configured as system properties.  We should change this to use the KeystoreManager API instead.



[jira] Commented: (GERONIMO-2002) OpenEJB CORBA SSL should use Keystore GBean

Posted by "Rick McGuire (JIRA)" <de...@geronimo.apache.org>.
    [ http://issues.apache.org/jira/browse/GERONIMO-2002?page=comments#action_12383183 ] 

Rick McGuire commented on GERONIMO-2002:
----------------------------------------

Is anybody working on this?  I'm willing to take a crack at it if not. 

I do have a couple of questions on how it should be implemented.  The socket factory used to create the SSLSockets is instantiated by the ORB based on a property value, rather than instantiated by the Geronimo configurator code.  This means that socket factory code needs to call back into G. to somehow retrieve the KeyStore information.  What's the appropriate mechanism to retrieve the Keystore GBean?  Is it safe to assume this is a singleton, or can different ORB instances be configured to use different keystores?

> OpenEJB CORBA SSL should use Keystore GBean
> -------------------------------------------
>
>          Key: GERONIMO-2002
>          URL: http://issues.apache.org/jira/browse/GERONIMO-2002
>      Project: Geronimo
>         Type: Improvement
>     Security: public(Regular issues) 
>   Components: security, CORBA
>     Versions: 1.1
>     Reporter: Aaron Mulder
>      Fix For: 1.1

>
> OpenEJB initializes CORBA using a plain SSL socket factory and therefore only sees SSL keystore/trust store settings configured as system properties.  We should change this to use the KeystoreManager API instead.



[jira] Commented: (GERONIMO-2002) OpenEJB CORBA SSL should use Keystore GBean

Posted by "Rick McGuire (JIRA)" <de...@geronimo.apache.org>.
    [ http://issues.apache.org/jira/browse/GERONIMO-2002?page=comments#action_12383187 ] 

Rick McGuire commented on GERONIMO-2002:
----------------------------------------

Ok, another question as I drill a little deeper into this.  The server side of the CORBA connection requires creating an SSLServerSocketFactory instance (which KeystoreManager handles).  The client side requires creating an SSLSocketFactory instance (which is not currently handled by the KeystoreManager API, but I'll add that).  The client and server ends do not necessarily need to be configured with the same truststore and keystore values (but they can be).  Which approach should be used here:

1)  Single set of properties used to configure both the client-side and server-side connections.  Note that an ORB may require both types since it can be acting as both a server and a client to access remote references. 

2)  Different properties for the client and server.

3)  Some other approach I've not considered?  

> OpenEJB CORBA SSL should use Keystore GBean
> -------------------------------------------
>
>          Key: GERONIMO-2002
>          URL: http://issues.apache.org/jira/browse/GERONIMO-2002
>      Project: Geronimo
>         Type: Improvement
>     Security: public(Regular issues) 
>   Components: security, CORBA
>     Versions: 1.1
>     Reporter: Aaron Mulder
>      Fix For: 1.1

>
> OpenEJB initializes CORBA using a plain SSL socket factory and therefore only sees SSL keystore/trust store settings configured as system properties.  We should change this to use the KeystoreManager API instead.


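The client/server split raised in the comment above, as an added example that is not part of the original thread and is not Geronimo or OpenEJB code: it uses only the standard JSSE classes (not the KeystoreManager API) to build one SSLContext per role from explicit key and trust stores, next to the default factory that takes its stores from javax.net.ssl.* system properties. The class name `PerRoleTls`, its helper methods, and the empty in-memory stores are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: one SSLContext per role, built from explicit stores. */
public class PerRoleTls {

    /** Builds a context from the given stores instead of javax.net.ssl.* system properties. */
    static SSLContext contextFor(KeyStore keys, char[] keyPassword, KeyStore trust)
            throws GeneralSecurityException {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPassword);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Constructed sample input: an empty in-memory store so the example runs offline. */
    static KeyStore emptyStore() throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed placeholder password
        KeyStore serverKeys = emptyStore(), serverTrust = emptyStore();
        KeyStore clientKeys = emptyStore(), clientTrust = emptyStore();

        // Option 2: independent settings for the listening and the outbound side.
        SSLServerSocketFactory serverSide =
                contextFor(serverKeys, pw, serverTrust).getServerSocketFactory();
        SSLSocketFactory clientSide =
                contextFor(clientKeys, pw, clientTrust).getSocketFactory();

        // Option 1 is the same call with one pair of stores shared by both roles.
        SSLContext shared = contextFor(serverKeys, pw, serverTrust);

        // For contrast: the default factory takes its stores from javax.net.ssl.*
        // system properties (or JVM defaults), which is the limitation the issue describes.
        SSLSocketFactory fromSystemProps = (SSLSocketFactory) SSLSocketFactory.getDefault();
        System.out.println(serverSide != null && clientSide != null
                && shared.getSocketFactory() != fromSystemProps);
    }
}
```

With real stores loaded in place of `emptyStore()`, the server-side trust store decides which client certificates are accepted and the client-side trust store decides which servers the ORB will connect to, so keeping them separate lets each be scoped as narrowly as its role requires.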

[jira] Updated: (GERONIMO-2002) OpenEJB CORBA SSL should use Keystore GBean

Posted by "Rick McGuire (JIRA)" <de...@geronimo.apache.org>.
     [ http://issues.apache.org/jira/browse/GERONIMO-2002?page=all ]

Rick McGuire updated GERONIMO-2002:
-----------------------------------

    Fix Version: 1.2
                     (was: 1.1)

This change could be disruptive to the TCK interop tests, so it's better to defer this until after 1.1 ships. 

> OpenEJB CORBA SSL should use Keystore GBean
> -------------------------------------------
>
>          Key: GERONIMO-2002
>          URL: http://issues.apache.org/jira/browse/GERONIMO-2002
>      Project: Geronimo
>         Type: Improvement
>     Security: public(Regular issues) 
>   Components: security, CORBA
>     Versions: 1.1
>     Reporter: Aaron Mulder
>     Assignee: Rick McGuire
>      Fix For: 1.2

>
> OpenEJB initializes CORBA using a plain SSL socket factory and therefore only sees SSL keystore/trust store settings configured as system properties.  We should change this to use the KeystoreManager API instead.



[jira] Closed: (GERONIMO-2002) OpenEJB CORBA SSL should use Keystore GBean

Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.
     [ http://issues.apache.org/jira/browse/GERONIMO-2002?page=all ]

Vamsavardhana Reddy closed GERONIMO-2002.
-----------------------------------------

    Resolution: Fixed

> OpenEJB CORBA SSL should use Keystore GBean
> -------------------------------------------
>
>                 Key: GERONIMO-2002
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2002
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security, CORBA
>    Affects Versions: 1.1
>            Reporter: Aaron Mulder
>         Assigned To: Rick McGuire
>             Fix For: 1.2
>
>
> OpenEJB initializes CORBA using a plain SSL socket factory and therefore only sees SSL keystore/trust store settings configured as system properties.  We should change this to use the KeystoreManager API instead.
