Bug 731

Summary: The IIOP_SSL_Connector class may not be needed.
Product: TAO Reporter: Ossama Othman <ossama.othman>
Component: SSLIOP Pluggable ProtocolAssignee: DOC Center Support List (internal) <tao-support>
Status: NEW ---    
Severity: minor    
Priority: P3    
Version: 1.1.11   
Hardware: All   
OS: All   

Description Ossama Othman 2000-11-28 19:49:06 CST 
The "SSL aware" TAO_IIOP_SSL_Connector class may not be needed.  I need to
verify this a bit more, but that class exists solely to clear the SSL session
state in TSS when issuing a request over IIOP (as opposed to SSLIOP) to prevent
mixing that state with a non-SSL connection.  However, there is no way to get
access to the current SSL session state (even in the interceptors) on the client
side since the request is created before the connection to the server is made.

Another issue is that there is no guarantee that the same thread the sent the
request will receive the reply.

In either case, there doesn't appear to be any introduction of a security hole
by removing the TAO_IIOP_SSL_Connector class and reverting back to the standard
TAO_IIOP_Connector.
Comment 1 Ossama Othman 2000-11-28 19:51:28 CST 
Mine.
Comment 2 Johnny Willemsen 2007-01-09 07:47:43 CST 
Ossama, could you recheck this report you made?
Comment 3 Ossama Othman 2007-12-19 03:51:52 CST 
I won't have time to look at this issue for quite some time.  Reassigning to tao-support.