Created attachment 1012694 [details] Corrects a bug that leads to loss of SSL peer details Description of problem: Fedora 21 omniORB package contains a bug that leads to an empty SSL peer details in all cases. The bug was corrected in the omniORB trunk branch, but still exists in Fedora 21 repo package. Version-Release number of selected component (if applicable): 4.2.0-3 How reproducible: always Steps to Reproduce: 1. Setup omniORB for using SSL connections with self-signed RSA certificates 2. Try to acquire peer identity in the server receive request interceptor Actual results: an empty the connection peer identity Expected results: non-empty the connection peer identity Additional info: the bug was introduced by sslConnection class refactoring and corrected much later in commit r6273 (omniORB SVN tree). I have made the appropriate modifications in the sslConnection.cc and sslConnection.h of the current stable Fedora 21 package. So, it would be nice to apply this patch into stable Fedora 21 (and probably rawhide) package. The patch I've attached to the ticket. Thanks in advance, Alexey Kosilin
Not at all familiar with the omniORB code, but looking at r6273 and comparing with the patch you posted, this hunk caught my eye: @@ -414,8 +415,42 @@ tcpSocket::setCloseOnExec(sock); belong_to->addSocket(this); + setPeerDetails(); +} It is part of the upstream patch but not the one you posted. So just to make sure before applying, is this intentional? Thanks
(In reply to Sandro Mani from comment #1) > Not at all familiar with the omniORB code, but looking at r6273 and > comparing with the patch you posted, this hunk caught my eye: > > @@ -414,8 +415,42 @@ > tcpSocket::setCloseOnExec(sock); > > belong_to->addSocket(this); > + setPeerDetails(); > +} > > It is part of the upstream patch but not the one you posted. So just to make > sure before applying, is this intentional? > > Thanks Year, it's definitely intentional. The socket 'sock' is always in listening state while constructing sslConnection, so connection peer details is always empty at this point. May be the upstream code writers intended the code for some future usage, but in 4.2.0 branch it's absolutely useless.
omniORB-4.2.0-4.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/omniORB-4.2.0-4.fc22
omniORB-4.2.0-4.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/omniORB-4.2.0-4.fc21
Package omniORB-4.2.0-4.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing omniORB-4.2.0-4.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-6044/omniORB-4.2.0-4.fc22 then log in and leave karma (feedback).
omniORB-4.2.0-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
omniORB-4.2.0-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.