Posted to commits@tomee.apache.org by "Rick McGuire (JIRA)" <ji...@apache.org> on 2007/01/25 20:11:49 UTC

[jira] Created: (OPENEJB-460) Rules for SSL client transport selection need requirement.

Rules for SSL client transport selection need requirement. 
-----------------------------------------------------------

                 Key: OPENEJB-460
                 URL: https://issues.apache.org/jira/browse/OPENEJB-460
             Project: OpenEJB
          Issue Type: Bug
          Components: corba
    Affects Versions: 2.3
            Reporter: Rick McGuire
         Assigned To: Rick McGuire
             Fix For: 2.3


This is sort of a difficult situation to describe.  In the past release, an ORB created by a CSSBean was created with a SocketFactory instance that would select the appropriate type of transport for a client connection.  This decision was not made based on the CSSBean configuration, but rather based on the information encoded in the connection IOR.  

With the reference implementation, it is fairly typical for the IORs to use a primary port address for a plain socket connection, but also have at least one alternate port encoded for a secure connection.  The SocketFactory instance is recognizing this secure transport alternative, and selecting the most secure transport for the connection. 

In the prior release, this worked ok because the SSL certificate information was configured using system properties, so it was global to the entire VM.  In the new release, we're relying on the Geronimo KeystoreManager API for SSL factory creation and cert management.  The SocketFactory has a fallback to the old way of processing, but when this is used, the connection will fail because the correct SSL certs cannot be located.  The SocketFactory port selection logic needs to recognize that the ORB is not properly configured for SSL connections and use the primary plain socket connection. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
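
Added example, not part of the original message and not OpenEJB or Geronimo code: a sketch of the selection rule the report asks for, taking the IOR's SSL alternate only when the ORB has usable SSL configuration and otherwise the primary plain port. All class, field and method names are hypothetical, the endpoint values are constructed, and the sslRequired flag is an assumption added so that a plain fallback can be refused by local policy.

```java
import java.util.Arrays;
import java.util.List;

// Added illustration only: every name here is hypothetical, not OpenEJB or
// Geronimo code. Host names and ports are constructed sample values.
public class TransportSelectionExample {
    enum Transport { PLAIN, SSL }

    static final class Endpoint {
        final String host;
        final int port;
        final Transport transport;
        Endpoint(String host, int port, Transport transport) {
            this.host = host; this.port = port; this.transport = transport;
        }
        @Override public String toString() { return transport + "://" + host + ":" + port; }
    }

    // primary:       the plain-socket address from the IOR profile
    // alternates:    extra endpoints encoded in the IOR (SSL ones are candidates)
    // sslConfigured: true only if this ORB has usable SSL key/trust material
    // sslRequired:   assumed policy knob; true forbids a plain connection
    static Endpoint select(Endpoint primary, List<Endpoint> alternates,
                           boolean sslConfigured, boolean sslRequired) {
        if (sslConfigured) {
            for (Endpoint e : alternates) {
                if (e.transport == Transport.SSL) {
                    return e; // most secure transport the target advertises
                }
            }
        }
        if (sslRequired) {
            // Fail closed instead of silently downgrading to a plain socket.
            throw new IllegalStateException("SSL required but not usable for " + primary.host);
        }
        return primary; // ORB not set up for SSL: use the primary plain port
    }

    public static void main(String[] args) {
        Endpoint primary = new Endpoint("server.example", 1050, Transport.PLAIN);
        List<Endpoint> alts = Arrays.asList(new Endpoint("server.example", 1060, Transport.SSL));
        System.out.println(select(primary, alts, true, false));  // SSL configured
        System.out.println(select(primary, alts, false, false)); // SSL not configured
    }
}
```

Logging each plain fallback at the call site makes an unintended downgrade visible when an ORB was expected to use SSL.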


[jira] Closed: (OPENEJB-460) Rules for SSL client transport selection need refinement.

Posted by "Rick McGuire (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENEJB-460?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick McGuire closed OPENEJB-460.
--------------------------------

    Resolution: Fixed

Committed revision 500002.

A simpler fix than originally envisioned.  The certificate problem was caused by a bad config in the test case. 



[jira] Updated: (OPENEJB-460) Rules for SSL client transport selection need refinement.

Posted by "Rick McGuire (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/OPENEJB-460?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick McGuire updated OPENEJB-460:
---------------------------------

    Summary: Rules for SSL client transport selection need refinement.  (was: Rules for SSL client transport selection need requirement. )
