From: Don B. <bu...@oc...> - 2010-03-09 15:12:42
|
Mario, Thanks for your interest in OpenDDS. What you're doing below wouldn't enable SSL in OpenDDS; it would only use SSL in the CORBA communication that happens behind the scenes in OpenDDS. OpenDDS readers and writers communicate with the DSPSInfoRepo process via CORBA to make associations with each other. So you could in theory enable SSL for that communication, but you'd also have to run the DCPSInfoRepo with SSL enabled and with certificates set up appropriately. However, for performance reasons, OpenDDS samples are published directly from a DataWriter to a DataReader on a standard socket; CORBA is not involved in that communication. So SSL would not come into play on a DDS write(), at least as OpenDDS is today. The way you'd implement SSL in OpenDDS would be to create a new transport as a sibling of the SimpleTcp, udp, and multicast transports. OpenDDS's extensible transport framework is located in $DDS_ROOT/dds/DCPS/transports, and there you would see the general framework as well as the SimpleTcp, udp, and multicast transports. It's a non-trivial thing to do. If this is really important to you to the point that your company would want to pay for its development, we can provide an estimate to do the work on a time-and-materials basis. Or if you decide to do this yourself, we'd strongly encourage you to contribute the new transport back to the OpenDDS code base. Again, thanks for your interest. Best Regards, Don Busch Mario Danelli wrote: > Hello, > > in our software laboratory we are evaluationg OpenDDS. > > Especially we would know if it's possible to use cryptography (SSLIOP). > > I found the follow links to install, configure and use SSL in OpenDDS: > > * to build and install ACE_SSL - > http://www.dre.vanderbilt.edu/~schmidt/DOC_ROOT/ACE/ACE-INSTALL.html#sslinstall > * install SSLIOP in TAO - > https://svn.dre.vanderbilt.edu/viewvc/Middleware/trunk/TAO/docs/Security/SSLIOP-INSTALL.html?view=co > * using SSLIOP - > http://www.dre.vanderbilt.edu/~schmidt/DOC_ROOT/TAO/docs/Security/SSLIOP-USAGE.html > > I followed the steps specified in the links and started the DCPS > repository with a 'tcp.conf' file modified with the new lines to use SSLIOP: > > dynamic SSLIOP_Factory Service_Object * > TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() "" > static Resource_Factory "-ORBProtocolFactory SSLIOP_Factory" > > After starting a publisher without specifing the new lines also in the > publisher's configurations file it's throwed a "CORBA::NO_PERMISSION" > exception. > So i specified new lines also in the publisher's configurations but in > this case it's throwed a "CORBA::INV_POLICY" exception. > > In this link (http://www.theaceorb.com/faq/index.html#141) is specified > that to correct the problem, protected invocations via the Naming > Service's object reference must be disabled. > I suppose i have to do this task in all the OpenDDS project files and > re-build the complete project. Am i wrong? > > Finally i would like to konw, from anyone that used OpenDDS with SSL > before (or studied this case), if there is a way to enable SSL in OpenDDS? > Is the way followed until know correct or is there a simpler way (e.g. > set a flag or other from a configuration file/command parameter)? > > Thanks in advance. > > Regards > Mario Danelli > > -- ---------------------------------------------------------------- Don Busch, Principal Software Engineer and Partner Object Computing, Inc. (OCI) 314-590-0250 http://www.ociweb.com http://www.theaceorb.com http://jacorb.ociweb.com "Never let what you can't do get in the way of what you can do." - John Wooden ---------------------------------------------------------------- |