CORBA::SSLIOPComm - The interface for configuring SSL connections.
use lib "$ENV{OPALORB_ROOT}";
use CORBA;
use CORBA::Exception;
my $status = 0;
try {
CORBA::SSLIOPComm::enable_certificate_verification();
CORBA::SSLIOPComm::set_password_callback(\&get_password);
my $orb = CORBA::ORB_init(\@ARGV);
...
$orb->run();
$orb->destroy();
}
catch CORBA::Exception with {
my $ex = shift;
...
$status = 1;
}
catch Error::Simple with {
my $ex = shift;
...
$status = 1;
};
exit($status);
This interface is used to configure OpenSSL. All functions should be called and environment variables set prior to accepting any connections.
clear_environment_variables - Call this function to ensure that
environment variables set prior to running your script are removed.
enable_certificate_verification - This static function must be called
before any connection is accepted in order to be able to use the
SecurityCurrent. Enabling certificate verification requires a
certificate authority.
set_password_callback - This function will be called in the event that
the key is encrypted. It should return the password as a string.
The following environment variables are recognized:
SSL_KEY_FILE can be set to a full or relative path to a key file that is understood by OpenSSL. This defaults to certs/server-key.pem.
SSL_CERT_FILE can be set to a full or relative path to a certificate file that is understood by OpenSSL. This defaults to certs/server-cert.pem.
SSL_CA_FILE can be set to a full or relative path to a certificate authority file that is understood by OpenSSL. This is only necessary if certificate verification has been enabled. This defaults to certs/my-ca.pem
SSL_CIPHER_LIST determines which ciphers are used by OpenSSL. If clients get a CORBA::TRANSIENT exception attempting to connect to a server, it probably does not have any of the ciphers available to it. See http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS for more information.