erlang-doc-R13B-04.6.fc13.noarch.rpm

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="../../../../doc/otp_doc.css" type="text/css">
<title>Erlang -- How to use security in Orber</title>
</head>
<body bgcolor="white" text="#000000" link="#0000ff" vlink="#ff00ff" alink="#ff0000"><div id="container">
<div id="content">
<div class="innertube">
<h1>8 How to use security in Orber</h1>
  

  <h3><a name="id2281165">8.1 
        Security in Orber</a></h3>
    

    <h4>Introduction</h4>
      
      <p>Orber SSL provides authentication, privacy and integrity for your
        Erlang applications. Based on the Secure Sockets Layer protocol,
        Orber SSL ensures that your Orber clients and servers can
        communicate securely over any network. 
        This is done by tunneling IIOP through an SSL connection. To secure
        the node you will also need a firewall which
        only lets through connections to certain ports.</p>
    

    <h4>Enable Usage of Secure Connections</h4>
      
      <p>To enable a secure Orber domain you have to set the configuration variable 
        <strong>secure</strong>, which currently can only have one of two values:
        <strong>no</strong> if no security for IIOP should be used and <strong>ssl</strong> if 
        secure connections are needed (<strong>ssl</strong> is currently the only supported 
        security mechanism).</p>
      <p>The default is no security.</p>
    

    <h4>Configurations when Orber is Used on the Server Side</h4>
      
      <p>The following configuration variables can be used to configure Orber's SSL
        behavior on the server side.</p>
      <ul>
        <li>
<strong>ssl_server_certfile</strong> - which is a path to a file containing a
         chain of PEM encoded certificates for the Orber domain as server.</li>
        <li>
<strong>ssl_server_cacertfile</strong> - which is a path to a file containing 
         a chain of PEM encoded CA certificates for the Orber domain as server.</li>
        <li>
<strong>ssl_server_verify</strong> - which specifies type of verification: 
         0 = do not verify peer; 1 = verify peer, verify client once;
         2 = verify peer, verify client once, fail if no peer certificate. 
         The default value is 0.</li>
        <li>
<strong>ssl_server_depth</strong> - which specifies verification depth, i.e. 
         how far in a chain of certificates the verification process shall
         proceed before the verification is considered successful. The default
         value is 1. </li>
        <li>
<strong>ssl_server_keyfile</strong> - which is a path to a file containing a
         PEM encoded key for the Orber domain as server.</li>
        <li>
<strong>ssl_server_password</strong> - only used if the private keyfile is
         password protected.</li>
        <li>
<strong>ssl_server_ciphers</strong> - which is a string of ciphers, given as a
         colon-separated list.</li>
        <li>
<strong>ssl_server_cachetimeout</strong> - which is the session cache timeout
         in seconds.</li>
      </ul>
      <p>There also exist a number of API functions for accessing the values of these variables:</p>
      <ul>
        <li>orber:ssl_server_certfile/0</li>
        <li>orber:ssl_server_cacertfile/0</li>
        <li>orber:ssl_server_verify/0</li>
        <li>orber:ssl_server_depth/0</li>
        <li>orber:ssl_server_keyfile/0</li>
        <li>orber:ssl_server_password/0</li>
        <li>orber:ssl_server_ciphers/0</li>
        <li>orber:ssl_server_cachetimeout/0</li>
      </ul>
    

    <h4>Configurations when Orber is Used on the Client Side</h4>
      
      <p>When the Orber-enabled application is the client side of the secure connection, the 
        configuration can be set per client process rather than for the whole domain,
        as is the case for incoming calls.</p>
      <p>Configuration variables can be used to set default values for the domain, but these can be changed 
        per client process. Below is the list of client configuration variables.</p>
      <ul>
        <li>
<strong>ssl_client_certfile</strong> - which is a path to a file containing a
         chain of PEM encoded certificates used in outgoing calls in the current
         process.</li>
        <li>
<strong>ssl_client_cacertfile</strong> - which is a path to a file containing a
         chain of PEM encoded CA certificates used in outgoing calls in the
         current process.</li>
        <li>
<strong>ssl_client_verify</strong> - which specifies type of verification: 
         0 = do not verify peer; 1 = verify peer, verify client once; 
         2 = verify peer, verify client once, fail if no peer certificate. 
         The default value is 0.</li>
        <li>
<strong>ssl_client_depth</strong> - which specifies verification depth, i.e. 
         how far in a chain of certificates the verification process shall proceed
         before the verification is considered successful. The default value is 1. </li>
        <li>
<strong>ssl_client_keyfile</strong> - which is a path to a file containing a
         PEM encoded key when Orber acts as client side ORB.</li>
        <li>
<strong>ssl_client_password</strong> - only used if the private keyfile is
         password protected.</li>
        <li>
<strong>ssl_client_ciphers</strong> - which is a string of ciphers, given as a
         colon-separated list.</li>
        <li>
<strong>ssl_client_cachetimeout</strong> - which is the session cache timeout
         in seconds.</li>
      </ul>
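      <p>An added example, not taken from Orber or its documentation: a check over the <strong>secure</strong>, <strong>ssl_server_*</strong> and <strong>ssl_client_*</strong> variables listed in the two sections above, applying the defaults the guide states and flagging settings that leave the peer unverified. It assumes the settings are available as a property list, as in the orber section of an OTP configuration file; the module name, function names, finding atoms and file paths are hypothetical.</p>

```erlang
%% Added example, not part of Orber. Module and function names are hypothetical.
-module(orber_tls_audit).
-export([audit/1, sample/0]).

%% Constructed sample: the orber section of a config file; paths and the
%% password are placeholders.
sample() ->
    [{secure, ssl},
     {ssl_server_certfile, "/etc/orber/server-chain.pem"},
     {ssl_server_keyfile, "/etc/orber/server-key.pem"},
     {ssl_server_password, "placeholder"},
     {ssl_server_verify, 1},
     {ssl_client_cacertfile, "/etc/orber/ca.pem"},
     {ssl_client_verify, 2}].

%% Returns [{Key, Problem}]; an empty list means nothing was flagged.
audit(Env) ->
    case proplists:get_value(secure, Env, no) of    % guide: default is no security
        ssl   -> side("ssl_server_", Env) ++ side("ssl_client_", Env);
        Other -> [{secure, {iiop_not_tunnelled_through_ssl, Other}}]
    end.

%% Checks one side (server or client) using the shared variable suffixes.
side(Prefix, Env) ->
    Key = fun(Name) -> list_to_atom(Prefix ++ Name) end,
    Get = fun(Name, Default) -> proplists:get_value(Key(Name), Env, Default) end,
    Verify = Get("verify", 0),                       % guide: default value is 0
    verify_level(Key("verify"), Verify) ++
        %% Verifying a peer needs CA certificates to verify against.
        [{Key("cacertfile"), needed_to_verify_peer}
         || Verify >= 1, Get("cacertfile", undefined) =:= undefined] ++
        %% The key password sits in clear text wherever this config is stored.
        [{Key("password"), key_password_readable_in_config}
         || Get("password", undefined) =/= undefined].

%% Maps the verification types from the guide to findings.
verify_level(Key, 0) -> [{Key, peer_not_verified}];
verify_level(Key, 1) -> [{Key, peer_without_certificate_not_rejected}];
verify_level(_Key, 2) -> [];
verify_level(Key, Other) -> [{Key, {not_a_documented_value, Other}}].
```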
      <p>There also exist a number of API functions for accessing and changing the values of these 
        variables in the client processes.</p>
      <p>Access functions:</p>
      <ul>
        <li>orber:ssl_client_certfile/0</li>
        <li>orber:ssl_client_cacertfile/0</li>
        <li>orber:ssl_client_verify/0</li>
        <li>orber:ssl_client_depth/0</li>
        <li>orber:ssl_client_keyfile/0</li>
        <li>orber:ssl_client_password/0</li>
        <li>orber:ssl_client_ciphers/0</li>
        <li>orber:ssl_client_cachetimeout/0</li>
      </ul>
      <p>Modify functions:</p>
      <ul>
        <li>orber:set_ssl_client_certfile/1</li>
        <li>orber:set_ssl_client_cacertfile/1</li>
        <li>orber:set_ssl_client_verify/1</li>
        <li>orber:set_ssl_client_depth/1</li>
      </ul>
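      <p>The per-process scope described above, as an added example that is not taken from Orber or its documentation: the settings are applied inside a worker process, read back through an access function, and only then is the caller's fun run. The module name, function names and return tuples are hypothetical; only the four modify functions listed above are used, so key file, password and ciphers still come from the domain-wide variables.</p>

```erlang
%% Added example, not part of Orber. Module and function names are hypothetical.
-module(orber_strict_client).
-export([run/4]).

%% Runs Fun in a new process whose outgoing calls use the given certificate
%% files and verification type 2 (verify peer, fail if no peer certificate).
%% The calling process keeps whatever client settings it already had.
run(CertFile, CACertFile, Depth, Fun)
  when is_list(CertFile), is_list(CACertFile),
       is_integer(Depth), is_function(Fun, 0) ->
    {Pid, MRef} = spawn_monitor(
        fun() ->
            orber:set_ssl_client_certfile(CertFile),
            orber:set_ssl_client_cacertfile(CACertFile),
            orber:set_ssl_client_verify(2),
            orber:set_ssl_client_depth(Depth),
            exit({done, check_then(Fun)})
        end),
    receive
        {'DOWN', MRef, process, Pid, {done, Result}} ->
            Result;
        {'DOWN', MRef, process, Pid, Reason} ->
            %% Fun crashed, or one of the modify functions rejected its argument.
            {error, {worker_crashed, Reason}}
    end.

%% Reads the verification type back through the access function and refuses
%% to run Fun if it is weaker than requested. Assumption: the access function
%% reflects the per-process value, as the guide describes.
check_then(Fun) ->
    case orber:ssl_client_verify() of
        2     -> {ok, Fun()};
        Other -> {error, {ssl_client_verify, Other}}
    end.
```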
    
  
</div>
<div class="footer">
<hr>
<p>Copyright © 1997-2010 Ericsson AB. All Rights Reserved.</p>
</div>
</div>
</div></body>
</html>