731 – The IIOP_SSL_Connector class may not be needed.

Bug 731 - The IIOP_SSL_Connector class may not be needed.

Summary: The IIOP_SSL_Connector class may not be needed.

Status:	NEW

Alias:	None

Product:	TAO
Classification:	Unclassified
Component:	SSLIOP Pluggable Protocol (show other bugs)
Version:	1.1.11
Hardware:	All All

Importance:	P3 minor
Assignee:	DOC Center Support List (internal)

URL:

Depends on:
Blocks:

Reported:	2000-11-28 19:49 CST by Ossama Othman
Modified:	2007-12-19 03:51 CST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ossama Othman 2000-11-28 19:49:06 CST

The "SSL aware" TAO_IIOP_SSL_Connector class may not be needed.  I need to
verify this a bit more, but that class exists solely to clear the SSL session
state in TSS when issuing a request over IIOP (as opposed to SSLIOP) to prevent
mixing that state with a non-SSL connection.  However, there is no way to get
access to the current SSL session state (even in the interceptors) on the client
side since the request is created before the connection to the server is made.

Another issue is that there is no guarantee that the same thread the sent the
request will receive the reply.

In either case, there doesn't appear to be any introduction of a security hole
by removing the TAO_IIOP_SSL_Connector class and reverting back to the standard
TAO_IIOP_Connector.

Comment 1 Ossama Othman 2000-11-28 19:51:28 CST

Mine.

Comment 2 Johnny Willemsen 2007-01-09 07:47:43 CST

Ossama, could you recheck this report you made?

Comment 3 Ossama Othman 2007-12-19 03:51:52 CST

I won't have time to look at this issue for quite some time.  Reassigning to tao-support.