Bug 1259902 - [GSS] (6.4.z) EJB IOR contains wrong port (non-SSL port) information when SSL is required
Summary: [GSS] (6.4.z) EJB IOR contains wrong port (non-SSL port) information when SSL...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: IIOP
Version: 6.4.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: CR1
: EAP 6.4.14
Assignee: Bartek Spyrko-Smietanko
QA Contact: Jiří Bílek
URL:
Whiteboard:
Depends On:
Blocks: eap6414-payload
TreeView+ depends on / blocked
 
Reported: 2015-09-03 18:27 UTC by Derek Horton
Modified: 2019-10-10 10:09 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-03-23 08:23:04 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1423476 0 unspecified CLOSED (6.4.z) jboss-as-jacorb doesn't compile on IBM Java 2021-02-22 00:41:40 UTC
Red Hat Issue Tracker WFLY-5274 0 Major Closed EJB IOR contains wrong port (non-SSL port) information when SSL is required 2017-06-13 08:43:12 UTC

Internal Links: 1423476

Description Derek Horton 2015-09-03 18:27:40 UTC 
Description of problem:

- Configure JBoss to only allow IIOP connections over SSL
- It is possible to do this, but the configuration is confusing (possibly a bug)

Details of the setup/issue:

- When enabling SSL for jacorb, it normally listens on both the non-ssl port and the ssl port
- Setting server-requires="ServerAuth" causes the server to stop listening on non-ssl port
- However, the IOR tells client to connect to non-ssl port ...even though its not listening on it

        String lookup = "corbaname:iiop:" + host + ":" + port +"#" + ejbLookupPath;

        // lookup the IIOP EJB
        Object iiopObj = ctx.lookup(lookup);

        // the call to the EJB will fail due to the port being wrong non-ssl vs ssl

- The workaround is to use the following ior-setting to correct the port settings in the IOR

  /subsystem=jacorb/ior-settings=default/setting=transport-config:add(confidentiality=required)

- Shouldn't setting "server-requires=ServerAuth" change the port info in the IOR?
Comment 1 Derek Horton 2015-09-03 18:30:20 UTC 
JacORB's dior util can be used to print out the IOR
Comment 3 Tomek 2015-09-24 18:40:55 UTC 
"Shouldn't setting "server-requires=ServerAuth" change the port info in the IOR?"

Yes this is a bug and I will prepare the fix that works this way.
Comment 4 Tomek 2015-09-24 19:08:25 UTC 
"Shouldn't setting "server-requires=ServerAuth" change the port info in the IOR?"

Yes this is a bug and I will prepare the fix that works this way.
Comment 6 JBoss JIRA Server 2015-11-10 16:38:20 UTC 
Tomasz Adamski <tadamski> updated the status of jira WFLY-5274 to Closed
Comment 11 Jiří Bílek 2017-03-14 08:07:33 UTC 
I am not able to reproduce the issue. According to code revision fix is included.
Included test case does not test the issue.

Verified with EAP 6.4.14.CP.CR2
Comment 12 Petr Penicka 2017-03-23 08:23:04 UTC 
Released with EAP 6.4.14 on March 14 (ZIPs) and March 22 (RPMs).
Note You need to log in before you can comment on or make changes to this bug.