Client-side policy error using JacORB (Java/CORBA) with SSL

Posted by jason on Stack Overflow See other posts from Stack Overflow or by jason
Published on 2010-03-29T16:52:01Z Indexed on 2010/03/29 16:53 UTC
Read the original article Hit count: 565

Filed under:
|
|

I'm trying to add SSL to an existing CORBA app, and I keep getting this error:

org.omg.CORBA.NO_PERMISSION: Client-side policy requires SSL/TLS, but server doesn't support it  vmcid: 0x0  minor code:  0  completed: No
        at org.jacorb.orb.iiop.ClientIIOPConnection.checkSSL(ClientIIOPConnection.java:535)
        at org.jacorb.orb.iiop.ClientIIOPConnection.connect(ClientIIOPConnection.java:144)
        at org.jacorb.orb.giop.GIOPConnection.sendMessage(GIOPConnection.java:835)
        at org.jacorb.orb.giop.GIOPConnection.sendRequest(GIOPConnection.java:805)
        at org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:302)
        at org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:282)
        at org.jacorb.orb.Delegate.invoke_internal(Delegate.java:919)
        at org.jacorb.orb.Delegate.invoke(Delegate.java:868)
        at org.jacorb.orb.Delegate.is_a(Delegate.java:1268)
        at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
        at databridge.autogen.ILoginManagerHelper.narrow(ILoginManagerHelper.java:57)
        at databridge.test.Client.main(Client.java:59)


I have generated keystores for both client and server and exchanged the keys between the two. Using this setup, I can get the demo application that came in the JacORB download to run successfully. The only difference I can tell is that my test is using the Tie method to get the POA. There are some policies that go into that, but I can't find any information on what policies need to go in there to enable SSL, if any. I'm not even sure that's the problem as the JacORB demo doesn't set any policies on the server or poa. When I run the -Djavax.net.debug=ssl, I can see the keystores load up the trusted certs on both the client and the server. I'm just not sure what policies are being referred to here, but it's odd that the demo works and the test doesn't using the exact same keystores and properties.

I've emailed the mailing list, but I'm not holding out much hope as that doesn't seem to be very active. Any help would be greatly appreciated. Below are my properties files.

Server Props:

jacorb.security.support_ssl=on
jacorb.security.ssl.server.supported_options=60
jacorb.security.ssl.server.required_options=20
jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory
jacorb.ssl.server_socket_factory=org.jacorb.security.ssl.sun_jsse.SSLServerSocketFactory
jacorb.security.keystore=dbserver.jks
jacorb.security.keystore_password=dbsslserver_pass
jacorb.security.jsse.trustees_from_ks=on
jacorb.security.jsse.log.verbosity=4
jacorb.implname=StandardImplName



client props

jacorb.security.support_ssl=on
jacorb.security.ssl.client.supported_options=60
jacorb.security.ssl.client.required_options=20
jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory
jacorb.security.keystore=dbclient.jks
jacorb.security.keystore_password=dbsslclient_pass
jacorb.security.jsse.trustees_from_ks=on
jacorb.security.jsse.log.verbosity=4
jacorb.implname=StandardImplName

© Stack Overflow or respective owner

Related posts about java

Related posts about corba