Created On: 02 March 2011
Problem:
- Product Name: VisiBroker
- Product Version: 8.0 and later
- Product Component: GIOP
- Platform/OS Version: All
When security is enabled, printIOR lists the listener port as zero ("port: 0"). How does the client know which port to connect to?
$ printIOR bank.ior
Interoperable Object Reference:
Type ID: IDL:Bank/AccountManager:1.0
Contains 1 profile.
Profile 0-IIOP Profile:
version: 1.2
host: 192.168.126.1
port: 0
Object Key: ServiceId[service=/bank_agent_poa,id={11 bytes: [ B][ a][ n][ a][ n][ a][ g][ e]},key_string=PMC/bank_agent_poaBankManager]
VB Capability component:
ORB_TYPE Component: VBJ 4.x
Code Sets Component: native char codeset:ISO 8859_1 conversion_code_sets: ISO UTF-8, native wchar codeset:ISO UTF-16 conversion_code_sets:
CompoundSecMechList {
Stateful = true
CompoundSecMech:
Requires = | INT
Transport =: TAG_TLS_SEC_TRANS { Supports = 102 Requires = 2
Addresses = {
192.168.126.1:50000
}
AS Mech =: AS_ContextSec =:
target_supports =: 0
target_requires =: 0
client_authentication_mech =: null
target_name =: null
SAS Mech =: SAS_ContextSec =:
target_supports =: 1024
target_requires =: 0
supported_naming_mechs = { GSSUP}
supported_identity_types: { ITTAnonymous ITTPrincipalName ITTDistinguishedName ITTX509Certchain }
privilege_authorities =:
0 =: [1447174401:UNKNOWN]
}
TAG_SSL_SEC_TRANS { Supports = 102 Requires = 2 Port = 50000}
Resolution:
When security is enabled for the communication channel, masking the normal clear-text listener port is by design and in accordance with the CORBA specification. The secure communication port is instead published under TAG_SSL_SEC_TRANS, here with port 50000. The following excerpt is from the CORBA 3.1 specification on CORBA Interoperability:
A target that supports only protected IIOP invocations shall specify a port number of 0 (zero) in the corresponding TAG_INTERNET_IOP profile.
For details, please refer to the section "Interoperable Object References, Target Security Configuration" in the chapter on Secure Interoperability in the CORBA specification documents (08-01-07.pdf).
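Added example (not part of the original article and not VisiBroker code): a Python check that reads a printIOR text dump like the one above, reports where a client will actually connect, and flags IORs that still advertise a clear-text listener next to the secure one. The function names and status labels are assumptions made for this example; the sample input is abridged from the dump on this page.

```python
import re

# Abridged from the printIOR dump shown on this page.
SAMPLE_DUMP = """\
Profile 0-IIOP Profile:
version: 1.2
host: 192.168.126.1
port: 0
Transport =: TAG_TLS_SEC_TRANS { Supports = 102 Requires = 2
Addresses = {
192.168.126.1:50000
}
TAG_SSL_SEC_TRANS { Supports = 102 Requires = 2 Port = 50000}
"""

def secure_endpoints(dump):
    """Return (host, port) pairs published in the security components."""
    host = re.search(r"^\s*host:\s*(\S+)", dump, re.M)
    found = []
    # TAG_TLS_SEC_TRANS lists full host:port addresses.
    tls = re.search(r"TAG_TLS_SEC_TRANS\s*\{.*?Addresses\s*=\s*\{(.*?)\}", dump, re.S)
    if tls:
        for h, p in re.findall(r"([\w.\-]+):(\d+)", tls.group(1)):
            found.append((h, int(p)))
    # TAG_SSL_SEC_TRANS carries only a port; the host comes from the profile.
    ssl = re.search(r"TAG_SSL_SEC_TRANS\s*\{[^}]*?Port\s*=\s*(\d+)", dump)
    if ssl and host:
        ep = (host.group(1), int(ssl.group(1)))
        if ep not in found:
            found.append(ep)
    return found

def audit_ior(dump):
    """Classify the IOR by which listeners it advertises."""
    m = re.search(r"^\s*port:\s*(\d+)", dump, re.M)
    clear_port = int(m.group(1)) if m else None
    secure = secure_endpoints(dump)
    if clear_port == 0 and secure:
        status = "protected-only"       # the case described in this article
    elif clear_port and secure:
        status = "clear-and-protected"  # unprotected listener still advertised
    elif clear_port:
        status = "clear-only"
    else:
        status = "no-usable-endpoint"
    return {"status": status, "clear_port": clear_port, "secure": secure}

if __name__ == "__main__":
    print(audit_ior(SAMPLE_DUMP))
```

A result of "clear-and-protected" or "clear-only" on a server that is meant to accept only protected invocations indicates the IIOP profile is still publishing an unprotected port.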
Incident #2495268
#VisiBroker
#Security