aboutsummaryrefslogblamecommitdiffstats
path: root/lib/cosFileTransfer/doc/src/ch_system.xml
blob: 377ec1fa496789e7e676420dd95691a8040590d2 (plain) (tree)
1
2
3
4
5
6
7
8
9
10
                                       




                                       
                                        


                                                        










                                                                              




















































































































                                                                                                        
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE chapter SYSTEM "chapter.dtd">

<chapter>
  <header>
    <copyright>
      <year>2001</year><year>2016</year>
      <holder>Ericsson AB. All Rights Reserved.</holder>
    </copyright>
    <legalnotice>
      Licensed under the Apache License, Version 2.0 (the "License");
      you may not use this file except in compliance with the License.
      You may obtain a copy of the License at
 
          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
    
    </legalnotice>

    <title>Using the File Transfer Service</title>
    <prepared></prepared>
    <docno></docno>
    <date>2001-08-07</date>
    <rev></rev>
    <file>ch_system.xml</file>
  </header>

  <section>
    <title>Overview</title>
    <p>This chapter describes how two File Transfer Service applications interact.</p>

    <section>
      <title>Components</title>
      <p>There are several ways the OMG File Transfer Service can be used. 
        Below one scenario is visualized: </p>
      <marker id="CosFileTransfer"></marker>
      <image file="CosFileTransfer.gif">
        <icaption>Figure 1: The File Transfer Service Components.</icaption>
      </image>
      <list type="bulleted">
        <item><em>Source ORB:</em> this is the ORB we want to transfer a file from/via and it holds 
         an object reference to a 
        <seealso marker="CosFileTransfer_VirtualFileSystem">Virtual File System (VFS)</seealso> which, 
         in this example, represents an FTP server.</item>
        <item><em>Target ORB:</em> the goal may be, for example, to transfer a new file or append to an 
         existing file placed at the location that this ORB's <c>VFS</c> represents.
         In this scenario it is the local disk or the NFS.</item>
        <item><em>Transport Protocol:</em> initially the ORB's, i.e., target and source, communicate via
         normal <c>CORBA</c> requests to determine whether or not they can communicate. If the 
         File Transfer Service's have one, or more, <c>Transport Protocol</c> in common the data
         will be streamed using this protocol. The cosFileTransfer application currently supports 
        <c>TCP/IP</c> and <c>SSL</c>.</item>
      </list>
      <p>Which type of file system the <c>VFS</c> is supposed to represent is determined
        by the options given when creating it, which is also how one determine which 
        <c>Transport Protocol</c> to use. Hence, the source and target <c>VFS</c> described above
        can be started by invoking, respectively, the following operations:</p>
      <code type="none">
1> SVFS = cosFileTransferApp:create_VFS('FTP', [], Host, 21, [{protocol, tcp}]),
2> TVFS = cosFileTransferApp:create_VFS({'NATIVE', 'cosFileTransferNATIVE_file'}, 
                                        [], OtherHost, 0, [{protocol, tcp}]),
      </code>
      <p>Naturally can any combination of <c>VFS</c>-types be used and it is also possible
        to use own drivers, i.e., <c>{'NATIVE', 'MyDriver'}</c>.</p>
      <p>After creating necessary <c>VFS's</c> we can login in and perform operations
        on files and directories residing on each file system.</p>
    </section>

    <section>
      <title>How To Use SSL</title>
      <p>To be able to use <c>SSL</c> as transport protocol a few configuration
        parameters must be set. The required parameters depend on if Orber is
        the target or/and the source ORB. However, the SSL_CERT_FILE variable
        must be defined in both cases.</p>
      <p>Setting of a CA certificate file with an option does not work due to 
        weaknesses in the SSLeay package. A work-around in the ssl application is 
        to set the OS environment variable SSL_CERT_FILE before SSL is started. 
        However, then the CA certificate file will be global for all connections 
        (both incoming and outgoing calls).</p>

      <section>
        <title>Configurations when cosFileTransfer is Used as Target</title>
        <p>The following three configuration variables can be used to configure
          cosFileTransfer's SSL target behavior.</p>
        <list type="bulleted">
          <item><em>ssl_server_certfile</em> which is a path to a file containing a
           chain of PEM encoded certificates for cosFileTransfer as target.</item>
          <item><em>ssl_server_verify</em> which specifies type of verification: 
           0 = do not verify peer; 1 = verify peer, verify client once, 2 = 
           verify peer, verify client once, fail if no peer certificate. 
           The default value is 0.</item>
          <item><em>ssl_server_depth</em> which specifies verification depth, i.e.
           how far in a chain of certificates the verification process shall 
           proceed before the verification is considered successful. The
           default value is 1. </item>
        </list>
        <p>There also exist a number of API functions for accessing the values of 
          these variables:</p>
        <list type="bulleted">
          <item>cosFileTransferApp:ssl_server_certfile/0</item>
          <item>cosFileTransferApp:ssl_server_verify/0</item>
          <item>cosFileTransferApp:ssl_server_depth/0</item>
        </list>
      </section>

      <section>
        <title>Configurations when cosFileTransfer is used as Source</title>
        <p>Below is the list of configuration variables used when cosFileTransfer
          act as the source application.</p>
        <list type="bulleted">
          <item><em>ssl_client_certfile</em> which is a path to a file containing a
           chain of PEM encoded certificates used in outgoing calls.</item>
          <item><em>ssl_client_verify</em> which specifies type of verification: 
           0 = do not verify peer; 1 = verify peer, verify client once, 2 = 
           verify peer, verify client once, fail if no peer certificate. 
           The default value is 0.</item>
          <item><em>ssl_client_depth</em> which specifies verification depth, i.e. 
           how far in a chain of certificates the verification process shall
           proceed before the verification is considered successful. The
           default value is 1. </item>
        </list>
        <p>There also exist a number of API functions for accessing the values of
          these variables in the client processes:</p>
        <list type="bulleted">
          <item>cosFileTransferApp:ssl_client_certfile/0</item>
          <item>cosFileTransferApp:ssl_client_verify/0</item>
          <item>cosFileTransferApp:ssl_client_depth/0</item>
        </list>
      </section>
    </section>
  </section>
</chapter>