1
votes

I'm trying to add SSL to an existing CORBA app, and I keep getting this error:

org.omg.CORBA.NO_PERMISSION: Client-side policy requires SSL/TLS, but server doesn't support it  vmcid: 0x0  minor code:  0  completed: No
        at org.jacorb.orb.iiop.ClientIIOPConnection.checkSSL(ClientIIOPConnection.java:535)
        at org.jacorb.orb.iiop.ClientIIOPConnection.connect(ClientIIOPConnection.java:144)
        at org.jacorb.orb.giop.GIOPConnection.sendMessage(GIOPConnection.java:835)
        at org.jacorb.orb.giop.GIOPConnection.sendRequest(GIOPConnection.java:805)
        at org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:302)
        at org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:282)
        at org.jacorb.orb.Delegate.invoke_internal(Delegate.java:919)
        at org.jacorb.orb.Delegate.invoke(Delegate.java:868)
        at org.jacorb.orb.Delegate.is_a(Delegate.java:1268)
        at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
        at databridge.autogen.ILoginManagerHelper.narrow(ILoginManagerHelper.java:57)
        at databridge.test.Client.main(Client.java:59)


I have generated keystores for both client and server and exchanged the keys between the two. Using this setup, I can get the demo application that came in the JacORB download to run successfully. The only difference I can tell is that my test is using the Tie method to get the POA. There are some policies that go into that, but I can't find any information on what policies need to go in there to enable SSL, if any. I'm not even sure that's the problem as the JacORB demo doesn't set any policies on the server or poa. When I run the -Djavax.net.debug=ssl, I can see the keystores load up the trusted certs on both the client and the server. I'm just not sure what policies are being referred to here, but it's odd that the demo works and the test doesn't using the exact same keystores and properties.

I've emailed the mailing list, but I'm not holding out much hope as that doesn't seem to be very active. Any help would be greatly appreciated. Below are my properties files.

Server Props:

jacorb.security.support_ssl=on
jacorb.security.ssl.server.supported_options=60
jacorb.security.ssl.server.required_options=20
jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory
jacorb.ssl.server_socket_factory=org.jacorb.security.ssl.sun_jsse.SSLServerSocketFactory
jacorb.security.keystore=dbserver.jks
jacorb.security.keystore_password=dbsslserver_pass
jacorb.security.jsse.trustees_from_ks=on
jacorb.security.jsse.log.verbosity=4
jacorb.implname=StandardImplName



client props

jacorb.security.support_ssl=on
jacorb.security.ssl.client.supported_options=60
jacorb.security.ssl.client.required_options=20
jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory
jacorb.security.keystore=dbclient.jks
jacorb.security.keystore_password=dbsslclient_pass
jacorb.security.jsse.trustees_from_ks=on
jacorb.security.jsse.log.verbosity=4
jacorb.implname=StandardImplName
1

1 Answers

1
votes

OK nevermind, sorry. I was trying to connect to the wrong port. Had to use the OASSLPort property.