You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by Juergen Weber <we...@gmail.com> on 2009/09/26 11:38:08 UTC
Yoko Corba client cannot reach EJB via SSL
Hi,
with your
http://www.nabble.com/NameService-returns-IOR-pointing-to-host-0.0.0.0-td25391214s134.html
help I got a Yoko pure Corba Client calling an EJB.
(2.2-SNAPSHOT
Build 2009.09.16-14:12:22.112-0400)
Now I want to try the same with SSL enabled. I got the
http://svn.apache.org/viewvc/geronimo/sandbox/magicGball/magicGball-ear/src/main/plan/magicgball-corba-plan.xml
magicGball SSL TSS definition and linked the EJB to it. It deploys and
seems to run. Firefox can get Geronimo's SSL certificate from
https://linda:2001.
The client can get the IOR, but home.create() fails with
Exception in thread "main" org.omg.CORBA.TRANSIENT: attempt to establish
connection failed: connect: Address is invalid on local machine, or port is
not valid on remote machine vmcid: 0x41534000 minor code: 1 completed: No
at
org.apache.yoko.orb.OCI.IIOP.Connector_impl.connect(Connector_impl.java:124)
How can you get Yoko to use the SSL definitions in the IOR and correctly
address the SSL port? There should be all necessary information in the IOR.
Thanks,
Juergen
The JacORB dior parsed IOR:
------IOR components-----
TypeId :
RMI:org.apache.geronimo.testsuite.corba.mytime.MyTimeHome:0000000000000000
TAG_INTERNET_IOP Profiles:
Profile Id: 0
IIOP Version: 1.2
Host: 192.168.44.128
Port: 0
Object key (URL):
%AB%AC%AB11253952623%00_RootPOA%00SSLClientPassword%00corba-mytime-ejb-2.0.2.jar/MyTime%00%00corba-mytime-ejb-2.0.2.jar/MyTime
Object key (hex): 0xAB AC AB 31 31 32 35 33 39 35 32 36 32 33 00 5F 52 6F
6F 74 50 4F 41 00 53 53 4C 43 6C 69 65 6E 74 50 61 73 73 77 6F 72 64 00 63
6F 72 62 61 2D 6D 79 74 69 6D 65 2D 65 6A 62 2D 32 2E 30 2E 32 2E 6A 61 72
2F 4D 79 54 69 6D 65 00 00 63 6F 72 62 61 2D 6D 79 74 69 6D 65 2D 65 6A 62
2D 32 2E 30 2E 32 2E 6A 61 72 2F 4D 79 54 69 6D 65
-- Found 4 Tagged Components--
#0: TAG_CODE_SETS
ForChar native code set Id: ISO8859_1
Char Conversion Code Sets: Unknown TCS: 0x00010020
, UTF8
ForWChar native code set Id: UTF16
WChar Conversion Code Sets: Unknown tag : 32
Unknown tag : 31
#3: TAG_CSI_SEC_MECH_LIST
is stateful: false
CompoundSecMech #0
target_requires: 70
transport mechanism tag: TAG_TLS_SEC_TRANS
TLS SEC TRANS target requires: 6
TLS SEC TRANS target supports: 38
TLS SEC TRANS address: linda:2001
AS_ContextSec target_supports: 64
AS_ContextSec target_requires: 64
AS_ContextSec mech: 06 06 67 81 02 01 01 01
AS_ContextSec target_name: default
SAS_ContextSec target_supports: 0
SAS_ContextSec target_requires: 0
SAS_ContextSec Naming types: 0
--
View this message in context: http://www.nabble.com/Yoko-Corba-client-cannot-reach-EJB-via-SSL-tp25623753s134p25623753.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Yoko Corba client cannot reach EJB via SSL
Posted by Rick McGuire <ri...@gmail.com>.
The Yoko ORB does not directly support SLL connections. That capability
can only be added by building an SSL capable ORB using the appropriate
interceptors and plugins to enable the SLL transport. That is
capability that the Geronimo server and client provide for the ORB
instances it uses to publish and access CORBA objects, and it requires a
bit of ORB configuration to get it to work. I'm not aware of any ORB
implementation that provides "out-of-the-box" SLL transport client support.
Rick
Juergen Weber wrote:
> Hi,
>
> with your
> http://www.nabble.com/NameService-returns-IOR-pointing-to-host-0.0.0.0-td25391214s134.html
> help I got a Yoko pure Corba Client calling an EJB.
> (2.2-SNAPSHOT
> Build 2009.09.16-14:12:22.112-0400)
>
> Now I want to try the same with SSL enabled. I got the
> http://svn.apache.org/viewvc/geronimo/sandbox/magicGball/magicGball-ear/src/main/plan/magicgball-corba-plan.xml
> magicGball SSL TSS definition and linked the EJB to it. It deploys and
> seems to run. Firefox can get Geronimo's SSL certificate from
> https://linda:2001.
>
> The client can get the IOR, but home.create() fails with
> Exception in thread "main" org.omg.CORBA.TRANSIENT: attempt to establish
> connection failed: connect: Address is invalid on local machine, or port is
> not valid on remote machine vmcid: 0x41534000 minor code: 1 completed: No
> at
> org.apache.yoko.orb.OCI.IIOP.Connector_impl.connect(Connector_impl.java:124)
>
> How can you get Yoko to use the SSL definitions in the IOR and correctly
> address the SSL port? There should be all necessary information in the IOR.
>
> Thanks,
> Juergen
>
> The JacORB dior parsed IOR:
> ------IOR components-----
> TypeId :
> RMI:org.apache.geronimo.testsuite.corba.mytime.MyTimeHome:0000000000000000
> TAG_INTERNET_IOP Profiles:
> Profile Id: 0
> IIOP Version: 1.2
> Host: 192.168.44.128
> Port: 0
> Object key (URL):
> %AB%AC%AB11253952623%00_RootPOA%00SSLClientPassword%00corba-mytime-ejb-2.0.2.jar/MyTime%00%00corba-mytime-ejb-2.0.2.jar/MyTime
> Object key (hex): 0xAB AC AB 31 31 32 35 33 39 35 32 36 32 33 00 5F 52 6F
> 6F 74 50 4F 41 00 53 53 4C 43 6C 69 65 6E 74 50 61 73 73 77 6F 72 64 00 63
> 6F 72 62 61 2D 6D 79 74 69 6D 65 2D 65 6A 62 2D 32 2E 30 2E 32 2E 6A 61 72
> 2F 4D 79 54 69 6D 65 00 00 63 6F 72 62 61 2D 6D 79 74 69 6D 65 2D 65 6A 62
> 2D 32 2E 30 2E 32 2E 6A 61 72 2F 4D 79 54 69 6D 65
> -- Found 4 Tagged Components--
> #0: TAG_CODE_SETS
> ForChar native code set Id: ISO8859_1
> Char Conversion Code Sets: Unknown TCS: 0x00010020
> , UTF8
> ForWChar native code set Id: UTF16
> WChar Conversion Code Sets: Unknown tag : 32
> Unknown tag : 31
> #3: TAG_CSI_SEC_MECH_LIST
> is stateful: false
> CompoundSecMech #0
> target_requires: 70
> transport mechanism tag: TAG_TLS_SEC_TRANS
> TLS SEC TRANS target requires: 6
> TLS SEC TRANS target supports: 38
> TLS SEC TRANS address: linda:2001
> AS_ContextSec target_supports: 64
> AS_ContextSec target_requires: 64
> AS_ContextSec mech: 06 06 67 81 02 01 01 01
> AS_ContextSec target_name: default
> SAS_ContextSec target_supports: 0
> SAS_ContextSec target_requires: 0
> SAS_ContextSec Naming types: 0
>
>
>
>
>
>