[jacorb-developer] CORBA/SSL and identity verifying

Hugo Roenick hroenick at gmail.com
Mon Jan 5 12:24:42 CET 2015


Hi guys.

While doing some tests of CORBA over SSL, we came up with a question that we would like to share with you. In our understanding of SSL, we expect that when communicating with this protocol we would be protected from a "man in the middle" attack due to the capability of the protocol to validate the identities of the communicating parties.
This identification can be done by some rule of validation, like checking the name of the party with the certificate provided by this same party (as far as I know, browsers check if the URL matches the identity provided on the certificate).

When using the API provided by JacORB, we couldn't find a way to retrieve the identity of a party so we could make a similar validation. We also don't know if JacORB already does this validation or if some configuration for it is available. The API allows us to define certificates from trusted parties (those who may act as CA) and levels of SSL supported or required, but we didn't find anything else.

Are we missing something? 

Hope I was clear enough. Otherwise let me know...

Thanks in advance for any contribution or clarification.

Regards,
-- Hugo
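
The name-against-certificate check described in the message above, as an added example written with standard JSSE classes; it is not part of the original post and is not JacORB's API. It assumes the application can obtain the connection's SSLSession; the class name, method names and host names are made up for illustration.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Added example using only standard JSSE classes; none of this is JacORB API.
public class PeerIdentityCheck {
    // Compare one dNSName from a certificate with the name the caller meant to reach.
    // A wildcard is honoured only as the complete left-most label ("*.example.org").
    static boolean dnsNameMatches(String certName, String expectedHost) {
        String c = certName.toLowerCase(Locale.ROOT);
        String h = expectedHost.toLowerCase(Locale.ROOT);
        if (!c.startsWith("*.")) {
            return c.equals(h);
        }
        int dot = h.indexOf('.');
        // The wildcard stands for exactly one non-empty label.
        return dot > 0 && h.substring(dot).equals(c.substring(1));
    }

    // After the handshake the trust manager has validated the chain; this adds
    // the separate step of binding the leaf certificate to the expected name.
    static boolean peerMatchesHost(SSLSession session, String expectedHost)
            throws SSLPeerUnverifiedException, CertificateParsingException {
        X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
        if (sans == null) {
            return false; // no subjectAltName extension: treat the peer as unverified
        }
        for (List<?> san : sans) {
            // Each entry is [Integer type, value]; type 2 is dNSName.
            if (Integer.valueOf(2).equals(san.get(0))
                    && dnsNameMatches((String) san.get(1), expectedHost)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed names, no network or certificate needed.
        System.out.println(dnsNameMatches("orb.example.org", "ORB.example.org"));
        System.out.println(dnsNameMatches("*.example.org", "orb.example.org"));
        System.out.println(dnsNameMatches("*.example.org", "a.b.example.org"));
        System.out.println(dnsNameMatches("*.example.org", "example.org"));
    }
}
```

Where the application creates the SSLSocket itself, JSSE can perform the same binding during the handshake through SSLParameters.setEndpointIdentificationAlgorithm("HTTPS").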


