[jacorb-developer] Bidirectional GIOP not working when SSL enabled
Mohan E, Kiran (Kiran)
kiran.mohan at alcatel-lucent.com
Wed Apr 9 12:07:40 CEST 2014
Hi,
I have been experimenting with jacorb v2.3.1 and its demo programs. I modified the bidirectional GIOP example (jacorb-2.3.1/demo/bidir) so that the server/client programs would run in a loop and also added SSL support to it. And I noticed the same erroneous behavior here.
### SSL turned off
# 5901 server
java 5901 root 5u IPv6 3385079 TCP *:58700 (LISTEN)
java 5901 root 7u IPv6 3385080 TCP server13:58700-> server13:56944 (ESTABLISHED)
# 5928 client
java 5928 root 5u IPv6 3385126 TCP *:35676 (LISTEN)
java 5928 root 8u IPv6 3385130 TCP server13:56944-> server13:58700 (ESTABLISHED)
Observation: port 35676 on which the client is listening has no connections. This is ok and Bidirectional GIOP works.
### SSL turned ON
# 5758 server
java 5758 root 5u IPv6 3384617 TCP *:54307 (LISTEN)
java 5758 root 7u IPv6 3384620 TCP server13:54307-> server13:36118 (ESTABLISHED) # OK
java 5758 root 9u IPv6 3384652 TCP server13:41518-> server13:50609 (ESTABLISHED) # Not OK
5782 client
java 5782 root 5u IPv6 3384646 TCP *:50609 (LISTEN)
java 5782 root 7u IPv6 3384649 TCP server13:50609-> server13:41518 (ESTABLISHED) # Not OK
java 5782 root 8u IPv6 3384650 TCP server13:36118-> server13:54307 (ESTABLISHED) # OK
Observation: connection is established on port 50609 on which the client is listening. This is not ok.
Does this mean there is a bug in the SSL/Bidirectional GIOP implementation? Or is there any configuration I am missing?
Thanks and Regards,
Kiran Mohan E
ALCATEL-LUCENT
-----Original Message-----
From: jacorb-developer-bounces~kiran.mohan=alcatel-lucent.com at lists.spline.inf.fu-berlin.de [mailto:jacorb-developer-bounces~kiran.mohan=alcatel-lucent.com at lists.spline.inf.fu-berlin.de] On Behalf Of Mohan E, Kiran (Kiran)
Sent: Tuesday, April 08, 2014 3:17 PM
To: Discussions concerning CORBA development with JacORB
Subject: Re: [jacorb-developer] Bidirectional GIOP not working when SSL enabled
Unfortunately no.
We have plans to update to Jacorb version 2.3.1 but not to 3.x versions.
Is the reported issue a known bug? Will it work with 3.4?
Thanks and Regards,
Kiran Mohan E
ALCATEL-LUCENT
-----Original Message-----
From: jacorb-developer-bounces~kiran.mohan=alcatel-lucent.com at lists.spline.inf.fu-berlin.de<mailto:jacorb-developer-bounces~kiran.mohan=alcatel-lucent.com at lists.spline.inf.fu-berlin.de> [mailto:jacorb-developer-bounces~kiran.mohan=alcatel-lucent.com at lists.spline.inf.fu-berlin.de] On Behalf Of Nick Cross
Sent: Tuesday, April 08, 2014 2:57 PM
To: Discussions concerning CORBA development with JacORB
Subject: Re: [jacorb-developer] Bidirectional GIOP not working when SSL enabled
Could you retest with the current version please (currently 3.4) ?
Thanks
Nick
On 08/04/14 06:17, Mohan E, Kiran (Kiran) wrote:
> Hi,
>
> We have server and client GUI that are communicating with each other
> using CORBA (jacorb 2.1). Bidirectional GIOP works for this
> application when SSL is not enabled, i.e., there is only one set of
> ports that are connected to each other.
>
> For example, from "lsof" output, port A (non-ssl,server) is connected
> to port B (client). There are some additional ports opened by the
> client but they are in listen status and not connected to any server
> ports.
>
> With SSL enabled, the client is connected to SSL enabled port of the
> server. But connections are also made between some other ports of both
> the client and the server which we were not expecting with
> Bidirectional GIOP.
>
> For example check the below output
>
> # 15549 server # 8121 is SSL port, 8021 is non-ssl port java 15549
> root 20u IPv6 110418063 0t0 TCP
> server35:8121->server35:52834 (ESTABLISHED) java 15549 root 23u
> IPv6 110211870 0t0 TCP *:8021 (LISTEN) java 15549 root
> 26u IPv6 110211871 0t0 TCP *:8121 (LISTEN) java 15549
> root 32u IPv6 110400867 0t0 TCP
> server35:8121->server35:52833 (ESTABLISHED) java 15549 root 45u
> IPv6 110425765 0t0 TCP server35:60829->server35:33329
> (ESTABLISHED)
>
> # 4241 client java 4241 root 53u IPv6 110417817
> 0t0 TCP *:49321 (LISTEN) java 4241 root 63u IPv6
> 110418062 0t0 TCP server35:52833->server35:8121
> (ESTABLISHED) java 4241 root 64u IPv6 110418064
> 0t0 TCP server35:52834->server35:8121 (ESTABLISHED) java
> 4241 root 65u IPv6 110418066 0t0 TCP *:36270
> (LISTEN) java 4241 root 68u IPv6 110418067 0t0
> TCP *:33329 (LISTEN) java 4241 root 72u IPv6 110418069
> 0t0 TCP server35:33329->server35:60829 (ESTABLISHED)
>
> Could someone please help me understand why this could be happening?
> How do I go about debugging the application to ensure Bidirectional
> GIOP works even with SSL enabled? Thanks and Regards, Kiran Mohan E
>
>
> _______________________________________________ jacorb-developer
> maillist - jacorb-developer at lists.spline.inf.fu-berlin.de<mailto:jacorb-developer at lists.spline.inf.fu-berlin.de>
> https://lists.spline.inf.fu-berlin.de/mailman/listinfo/jacorb-develope
> r
>
_______________________________________________
jacorb-developer maillist - jacorb-developer at lists.spline.inf.fu-berlin.de<mailto:jacorb-developer at lists.spline.inf.fu-berlin.de>
https://lists.spline.inf.fu-berlin.de/mailman/listinfo/jacorb-developer
_______________________________________________
jacorb-developer maillist - jacorb-developer at lists.spline.inf.fu-berlin.de<mailto:jacorb-developer at lists.spline.inf.fu-berlin.de>
https://lists.spline.inf.fu-berlin.de/mailman/listinfo/jacorb-developer
More information about the jacorb-developer
mailing list