[jira] Commented: (GERONIMO-2002) OpenEJB CORBA SSL should use Keystore GBean
[ http://issues.apache.org/jira/browse/GERONIMO-2002?page=comments#action_12383183 ] Rick McGuire commented on GERONIMO-2002: Is anybody working on this? I'm willing to take a crack at it if not. I do have a couple of questions on how it should be implemented. The socket factory used to create the SSLSockets is instantiated by the ORB based on a property value, rather than instantiated by the Geronimo configurator code. This means that socket factory code needs to call back into G. to somehow retrieve the KeyStore information. What's the appropriate mechanism to retrieve the Keystore GBean? Is is safe to assume this is a singleton, or can different ORB instances be configured to use different keystores? OpenEJB CORBA SSL should use Keystore GBean --- Key: GERONIMO-2002 URL: http://issues.apache.org/jira/browse/GERONIMO-2002 Project: Geronimo Type: Improvement Security: public(Regular issues) Components: security, CORBA Versions: 1.1 Reporter: Aaron Mulder Fix For: 1.1 OpenEJB initializes CORBA using a plain SSL socket factory and therefore only sees SSL keystore/trust store settings configured as system properties. We should change this to use the KeystoreManager API instead. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-2002) OpenEJB CORBA SSL should use Keystore GBean
[ http://issues.apache.org/jira/browse/GERONIMO-2002?page=comments#action_12383187 ] Rick McGuire commented on GERONIMO-2002: Ok, another question as I drill a little deeper into this. The server side of the CORBA connection requires creating an SSLServerSocketFactory instance (which KeystoreManager handles). The client side requires creating an SSLSocketFactory instance (which is not currently handled by the KeystoreManager API, but I'll add that). The client and server ends do not necessarily need to be configured with the same truststore and keystore values (but they can be). Which approach should be used here: 1) Single set of properties used to configure both the client-side and server-side connections. Note that an ORB may require both types since it can be acting as both a server and a client to access remote references. 2) Different properties for the client and server. 3) Some other approach I've not considered? OpenEJB CORBA SSL should use Keystore GBean --- Key: GERONIMO-2002 URL: http://issues.apache.org/jira/browse/GERONIMO-2002 Project: Geronimo Type: Improvement Security: public(Regular issues) Components: security, CORBA Versions: 1.1 Reporter: Aaron Mulder Fix For: 1.1 OpenEJB initializes CORBA using a plain SSL socket factory and therefore only sees SSL keystore/trust store settings configured as system properties. We should change this to use the KeystoreManager API instead. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira