geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick McGuire (JIRA)" <...@geronimo.apache.org>
Subject [jira] Commented: (GERONIMO-2002) OpenEJB CORBA SSL should use Keystore GBean
Date Fri, 12 May 2006 10:18:08 GMT
    [ http://issues.apache.org/jira/browse/GERONIMO-2002?page=comments#action_12383187 ] 

Rick McGuire commented on GERONIMO-2002:
----------------------------------------

Ok, another question as I drill a little deeper into this.  The server side of the CORBA connection
requires creating an SSLServerSocketFactory instance (which KeystoreManager handles).  The
client side requires creating an SSLSocketFactory instance (which is not currently handled
by the KeystoreManager API, but I'll add that).  The client and server ends do not necessarily
need to be configured with the same truststore and keystore values (but they can be).  Which
approach should be used here:

1)  Single set of properties used to configure both the client-side and server-side connections.
 Note that an ORB may require both types since it can be acting as both a server and a client
to access remote references. 

2)  Different properties for the client and server.

3)  Some other approach I've not considered?  

> OpenEJB CORBA SSL should use Keystore GBean
> -------------------------------------------
>
>          Key: GERONIMO-2002
>          URL: http://issues.apache.org/jira/browse/GERONIMO-2002
>      Project: Geronimo
>         Type: Improvement
>     Security: public(Regular issues) 
>   Components: security, CORBA
>     Versions: 1.1
>     Reporter: Aaron Mulder
>      Fix For: 1.1

>
> OpenEJB initializes CORBA using a plain SSL socket factory and therefore only sees SSL
keystore/trust store settings configured as system properties.  We should change this to use
the KeystoreManager API instead.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message