[tao-users] How can I dedicate listening port for SSLIOP
Miroslav Štengl
2004-04-07 09:25:40 UTC
How can I dedicate listening port for SSL (SSLIOP) ?

I use TAO 1.4 + ACE 5.4 (release Jan 14 2004), OpenSSL 0.9.7c, and in my
testing application I

1. run very simple hello server exporting its IOR in a file (ior.dat)

server -ORBSvcConf server.conf -ORBDottedDecimalAddresses 1 -ORBListenEndpoints iiop://192.168.0.202:12345 -o ior.dat

(Setting ORBListenEndpoints for protocol ssliop is omitted.)

server.conf:

dynamic SSLIOP_Factory Service_Object *
TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() \
"-SSLAuthenticate SERVER_AND_CLIENT -SSLPrivateKey PEM:key_srv.pem -SSLCertificate PEM:cert_srv.pem"
static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"

(CA certificate is specified in environment variable SSL_CERT_FILE)

2. manually transport IOR on target PC

3. on target PC run simple client importing server's IOR (ior.dat) and
getting hello from server

client -ORBSvcConf client.conf -ORBDottedDecimalAddresses 1 file://ior.dat

client.conf:

dynamic SSLIOP_Factory Service_Object *
TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() \
"-SSLAuthenticate SERVER_AND_CLIENT -SSLPrivateKey PEM:key_user.pem -SSLCertificate PEM:cert_user.pem"
static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory"


(CA certificate is specified in environment variable SSL_CERT_FILE)

It all works, but SSL transport doesn't run on port 12345 on server's PC. I
can see it from debugging and from some sniffers like ethereal. I have
tested it on Linux (SuSE 8.2) and Windows XP and results are the same. For a
real enterprise deployment I need to be able to dedicate server's listening
port (there are some firewalls etc.).

Thanks for answer.
Mirek Stengl
Ossama Othman
2004-04-07 17:52:34 UTC
Hi Mirek,
Post by Miroslav Štengl
How can I dedicate listening port for SSL (SSLIOP) ?
I use TAO 1.4 + ACE 5.4 (release Jan 14 2004), OpenSSL 0.9.7c, and in my
testing application I
1. run very simple hello server exporting its IOR in a file (ior.dat)
server -ORBSvcConf server.conf -ORBDottedDecimalAddresses 1 -ORBListenEndpoints iiop://192.168.0.202:12345 -o ior.dat
(Setting ORBListenEndpoints for protocol ssliop is omitted.)
Use the "ssl_port" endpoint option. For example:

-ORBListenEndpoints iiop://192.168.0.202:12345/ssl_port=12346

This will cause an IIOP endpoint to be opened on port 12345 and a SSLIOP
endpoint to be opened on port 12346.
Post by Miroslav Štengl
3. on target PC run simple client importing server's IOR (ior.dat) and
getting hello from server
client -ORBSvcConf client.conf -ORBDottedDecimalAddresses 1 file://ior.dat
"-ORBDottedDecimalAddresses 1" is a server side option. It has no
effect on the client side.

[snip]
Post by Miroslav Štengl
It all works, but SSL transport doesn't run on port 12345 on server's PC. I
can see it from debugging and from some sniffers like ethereal. I have
tested it on Linux (SuSE 8.2) and Windows XP and results are the same. For a
real enterprise deployment I need to be able to dedicate server's listening
port (there are some firewalls etc.).
Port 12345 in your "-ORBListenEndpoint" ORB option is the IIOP port, not
the SSLIOP port. I've updated our $(TAO_ROOT)/docs/ORBEndpoint.html
file to include a SSLIOP endpoint description. The updated
documentation will appear in TAO 1.4.2.

HTH,
-Ossama
--
Ossama Othman <ossama @ dre . vanderbilt . edu>
1024D/F7A394A8 - 84ED AA0B 1203 99E4 1068 70E6 5EB7 5E71 F7A3 94A8
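
The check below is an added example, not part of the original thread and not TAO code: it reads a server command line like the ones posted above and reports, for each `iiop://` listen endpoint, the IIOP port, the SSLIOP port pinned with `ssl_port`, and any issue a firewall rule would trip over. The function names and the `&` separator for multiple endpoint options are assumptions; both sample command lines are taken from the thread.

```python
import shlex

def parse_endpoint(spec):
    """Split 'iiop://host:port/opt=val' into (protocol, host, port, options)."""
    protocol, sep, rest = spec.partition("://")
    if not sep:
        raise ValueError(f"not an endpoint: {spec!r}")
    address, _, option_text = rest.partition("/")
    host, _, port_text = address.rpartition(":")
    # Assumption: several options would be joined with '&'; the thread shows one.
    options = dict(o.partition("=")[::2] for o in option_text.split("&") if o)
    return protocol, host, int(port_text), options

def audit(command_line):
    """Return one report per iiop endpoint passed via -ORBListenEndpoints."""
    argv = shlex.split(command_line)
    reports = []
    for flag, value in zip(argv, argv[1:]):
        if flag != "-ORBListenEndpoints":
            continue
        protocol, host, port, options = parse_endpoint(value)
        if protocol != "iiop":
            continue
        issues = []
        ssl_port = options.get("ssl_port")
        if ssl_port is None:
            # The situation in the question: 12345 is IIOP only, so the
            # SSLIOP listener is not on a port the firewall rule names.
            issues.append("SSLIOP port not pinned: add /ssl_port=<port>")
        else:
            ssl_port = int(ssl_port)
            if not 0 < ssl_port < 65536:
                issues.append("ssl_port out of range")
            elif ssl_port == port:
                issues.append("ssl_port collides with the IIOP port")
        reports.append({"host": host, "iiop_port": port,
                        "ssliop_port": ssl_port, "issues": issues})
    return reports

# Command lines as posted in the thread (question, then the suggested fix).
ORIGINAL = ("server -ORBSvcConf server.conf -ORBDottedDecimalAddresses 1 "
            "-ORBListenEndpoints iiop://192.168.0.202:12345 -o ior.dat")
FIXED = ORIGINAL.replace(":12345", ":12345/ssl_port=12346")

if __name__ == "__main__":
    for line in (ORIGINAL, FIXED):
        print(audit(line))
```
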
Miroslav Štengl
2004-04-08 07:10:48 UTC
Thank You very much, it works fine !!! It's great !!!

Mirek Stengl
