OpenORB SSL ----------- - removed reference to the JDK tools.jar from build.xml to allow compilation on OSX - renamed method getState() in subclasses of Thread to allow compilation on JDK 1.5 Version 1.4.0 BETA2 - July, 29 2004 - SSL_1_4_0_BETA2 - Upgraded to checkstyle 3.3. - Fixed various warnings Eclipse 3.0M6 complained about. - Added Eclipse project files (.project and .classpath) the project can now easily be imported by New->Project->Import From existing Source - Placed compiler cache files in build directory, caches are now deleted by invoking the build target "clean" Version 1.4.0 BETA1 - December, 19 2003 - SSL_1_4_0_BETA1 - Added a patch from Chas Honton to remove the dubious class SSLTransportAssociationHolder. - Added support for RSA crypto libs. This required addition of RSA cipher names to SSLCipherSuiteDatabase as the RSA cipher names are different than those used by Sun. Also required was a minor modification to JSSEContextFinder to support new derived class RSAContextFinder. Finally, the logic in SSLAssociation was modified so that the handshakeCompleted method returns if the cipher suite returned from the event is null as can happen with SSLv3 and TLS protocols. - Fixed error in logger management that caused NullPointerException. - Removed the setConfig scripts, use the updateConfig scripts from tools instead. - Moved the human readable output handling of SSL IOR components from the OpenORB core into the SSL module by using the new mechanism of module specific TaggedComponentHandlers. - Added the JAAS 1.0_01 library for JDK 1.3.x. This is necessary to make the CSIv2 stuff compile on JDK 1.3.0. It is also required for running CSIv2 once it is finished. - Moved build script logic into Ant files. - Refactored the SSLContextFinder to a more generic approach. For the Sun JSSE implementation there is now a sub-class JSSEContextFinder. The class SSLContextFinder serves as a base class for special implementations. The patch, contributed by Sean Parker (sparker _at_ cpi _dot_ com>) also solves a problem described by the bug report #682537. - Added the binary distribution of JSSE 1.0.3_01 (global). The license and the changed US export regulations allow us now to include the jars in the distribution. - Added support for CSIv2 IOR profile component parsing, especially the TAG_CSI_SEC_MECH_LIST component. - Changed the port number for the basic example so that the example can be run out of the box on UNIX. The port was set to 684 which is in the range of restricted ports under UNIX (The user is not allowed to open orts under 1024). - Moved the classes from org.openorb.ssliop into org.openorb.orb.ssl. The SSL module will be integrated into OpenORB core as soon as we drop support for JDK 1.3. The SSL functionality should be really part of the core and by that better integrated with the core. In order to achieve that a merge into core is inevitable. NOTE: Please change your configuration files to use the new package layout: OLD: org.openorb.ssliop.* NEW: org.openorb.orb.ssl.* - Added script for setting the Java build environment. - Create the jars in the lib folder instead of the dist folder. - Create additional javadoc for the example. - The SSLTransportServerInitializer will now abort when the interceptors for rejecting unsecure invocations or the ior interceptor can't be installed. - Adapted usage of OpenORB classes to new package structure. - Updated version number to 1.4.0. - The class ReleaseInfo has been removed for simplicity reasons. Version 1.3.0 - September, 27 2002 - SSL_1_3_0 - Make build.sh work with the latest cygwin version. The script was using a variable OSTYPE that is not available in sh. The official way to get the name of the platform is uname which is now used for determining the CLASSPATH separator. Version 1.3.0 BETA2 - August, 10 2002 - SSL_1_3_0_BETA2 - Fixed the example to register the Sun JSSE provider dynamically. - Fixed bug #577758 (SSL allows unsecured connections...). This bug was not due to a design flaw, it was due to a property that has been introduced some time ago. In some cases the property prevented the ServerRejectUnsecureInterceptor to be installed. In this case it was allowing any unsecured client access to the server. - Added the property to specify the handshake timeout to the SSLIOP xml file. - Added patch by Diego Sevilla Ruiz (dsevilla _at_ um _dot_ es) for the install target of the build.xml. The new version copies the files to the path specified by the property install.path just as if you extract one of the binary tarballs. - Make the install target in build.xml copy all jars from the dist directory to the specified install location. - Added a basic SSL example that should work right out of the box and give new users a jump-start. - Added dump-info target to build.xml to show the basic settings that are used by ant. - Add support for xalan on JDK 1.4 to build.xml. Otherwise the compile-docbook target does not work. Version 1.3.0 BETA1 - June, 19 2002 - SSL_1_3_0_BETA1 - Added a checkstyle target to build.xml. The command "build.sh checkstyle" checks the source code for adherence to the Jakarta coding conventions. - The logging system has been changed and is based on the Jakarta Avalon LogKit now. - Added the property "ssliop.server.handshake.timeout" with which the timeout for handshake completion can be set. - SSL package compiles with JDK1.4 now. When using JDK1.4 you don't need the extra JSSE package as it has been integrated into JDK1.4. - Separated the setConfig shell scripts from the build.xml. Added an add.bat file to perform the actual command. - Added local.properties file to influence the ant build process locally. - Fixed a few deprecation warnings in the swing dialogs: Use setText() instead of setLabel(). - build.sh now works under Cygwin, patch submitted by David Blevins (dblevins@users.sourceforge.net). - Removed the common libs from the lib directory. - Converted the rmi.xml file to docbook format. Build.xml creates pdf and html output now. - Added javadoc target to build.xml. - Merged install.txt and src/etc/README files. Moved src/etc files CHANGELOG, README, and LICENSE to the base directory of the package and renamed CHANGELOG to WHATSNEW (Jakarta style). - Switched to template based manifest files. - Aligned code to the Apache/Jakarta coding guidlines (Normal and generated code). Version 1.2.1 - January, 11 2002 - SSL_1_2_1 - Updated the version number to 1.2.1. - Bug #715: Added trace output for original exceptions. Added a new property openorb.debug.ShowStackTrace. This property can be used to show the actual exception traces for all the rethrown exceptions. - Enhancement #789: Added a flag "ssliop.iiopport.disable". - Bug #778: Set thread to daemon mode. See bugzilla. Version 1.2.0 - August, 8 2001 - SSL_1_2_0 - Bug: Fixed problem for bidir only servers, socket is opened only when the open method is called, not before. - Bug: Updated server initializer to stop potential denial of service attack, opening connections without proceeding with the SSL handshake. Thanks to Michael Rumpf for this patch. - Update: Flags in the client/server to allow interoperability. Version 1.1.0 - May, 8 2001 - SSL_1_1_0 - Doc: updated - Update: Configuration system Version 1.0.1 - March, 9 2001 - SSL_1_0_1 - Output information about the SSL components for use in the toString method of Object. - Fixed SSL to work with OpenORB 1.0.1. jsse 1.0.2, the currently available jsse, does not support using the setSOTimeout to set a timeout for reads, which resulted in infinite waits for connection shutdown. The fix is to use a reader thread to read the magic bytes off of the connection, which gets terminated once the connection is in the final stages of shutdown. Version 1.0.0 - February, 1 2001 - SSL_1_0_0 - Initial Release