Bug 1259902 - [GSS] (6.4.z) EJB IOR contains wrong port (non-SSL port) information when SSL is required
[GSS] (6.4.z) EJB IOR contains wrong port (non-SSL port) information when SSL...
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: IIOP (Show other bugs)
6.4.2
Unspecified Unspecified
unspecified Severity unspecified
: CR1
: EAP 6.4.14
Assigned To: Bartek Spyrko-Smietanko
Jiří Bílek
:
Depends On:
Blocks: eap6414-payload
  Show dependency treegraph
 
Reported: 2015-09-03 14:27 EDT by Derek Horton
Modified: 2017-03-23 04:23 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-03-23 04:23:04 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker WFLY-5274 Major Closed EJB IOR contains wrong port (non-SSL port) information when SSL is required 2017-06-13 04:43 EDT

  None (edit)
Description Derek Horton 2015-09-03 14:27:40 EDT
Description of problem:

- Configure JBoss to only allow IIOP connections over SSL
- It is possible to do this, but the configuration is confusing (possibly a bug)

Details of the setup/issue:

- When enabling SSL for jacorb, it normally listens on both the non-ssl port and the ssl port
- Setting server-requires="ServerAuth" causes the server to stop listening on non-ssl port
- However, the IOR tells client to connect to non-ssl port ...even though its not listening on it

        String lookup = "corbaname:iiop:" + host + ":" + port +"#" + ejbLookupPath;

        // lookup the IIOP EJB
        Object iiopObj = ctx.lookup(lookup);

        // the call to the EJB will fail due to the port being wrong non-ssl vs ssl

- The workaround is to use the following ior-setting to correct the port settings in the IOR

  /subsystem=jacorb/ior-settings=default/setting=transport-config:add(confidentiality=required)

- Shouldn't setting "server-requires=ServerAuth" change the port info in the IOR?
Comment 1 Derek Horton 2015-09-03 14:30:20 EDT
JacORB's dior util can be used to print out the IOR
Comment 3 Tomek 2015-09-24 14:40:55 EDT
"Shouldn't setting "server-requires=ServerAuth" change the port info in the IOR?"

Yes this is a bug and I will prepare the fix that works this way.
Comment 4 Tomek 2015-09-24 15:08:25 EDT
"Shouldn't setting "server-requires=ServerAuth" change the port info in the IOR?"

Yes this is a bug and I will prepare the fix that works this way.
Comment 6 JBoss JIRA Server 2015-11-10 11:38:20 EST
Tomasz Adamski <tadamski@redhat.com> updated the status of jira WFLY-5274 to Closed
Comment 11 Jiří Bílek 2017-03-14 04:07:33 EDT
I am not able to reproduce the issue. According to code revision fix is included.
Included test case does not test the issue.

Verified with EAP 6.4.14.CP.CR2
Comment 12 Petr Penicka 2017-03-23 04:23:04 EDT
Released with EAP 6.4.14 on March 14 (ZIPs) and March 22 (RPMs).

Note You need to log in before you can comment on or make changes to this bug.