Read only archive ; use for new issues
Bug 822 - cannot turn off verifying server's certficate in a client
Summary: cannot turn off verifying server's certficate in a client
Alias: None
Product: JacORB
Classification: Unclassified
Component: SSL/IIOP (show other bugs)
Version: 2.3.0
Hardware: Other other
: P2 major
Assignee: Gerald Brose
Depends on:
Reported: 2008-01-16 20:01 CET by Terry Xie
Modified: 2014-04-25 17:50 CEST (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Terry Xie 2008-01-16 20:01:35 CET
No matter which option you try, there is no way to turn off  verifying 
service's certficate in a client.  In other words, you have to go to the 
cacerts and add the service's certificate to the jre's trust store.

Available options:

# IIOP/SSL parameters (numbers are hex values, without the leading "0x"):
# NoProtection = 1
# EstablishTrustInClient = 40
# EstablishTrustInTarget = 20
# mutual authentication = 60
# please see the programming guide for more explanation

A workaround is to use this setting with a no trust check :

BTW, the NoProtection = 1 ( I think it means no authentication for both client/
server) cannot work at all because checkSSL method will check if the minimum 
option masked with it is 0 then SSL is not selected at all.
Comment 1 Terry Xie 2008-01-16 20:02:26 CET
This bug needs bug 820 to fix first since the configuration properties are read 
incorrectly as non-hex.
Comment 2 Nick Cross 2011-09-29 16:21:03 CEST
I think this is fixed in CVS - please retest and reopen if required.
Comment 3 Terry Xie 2014-04-24 17:30:13 CEST
Using NoProtection = 1 still doesn't work on the client. There is an handshake exception:

org.omg.CORBA.COMM_FAILURE: IOException: No trusted certificate found  vmcid: 0x0  minor code: 0  completed: No

This workaround is still needed:

Jacorb 3.3 stable release
Comment 4 Nick Cross 2014-04-25 17:50:16 CEST
Can you please supply the configuration you are using (ideally a test case) ?