1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
|
<html>
<!-- $Id$ -->
<!-- #BeginTemplate "/Templates/TAO_Security.dwt" -->
<head>
<!-- #BeginEditable "doctitle" -->
<title>TAO -- Using SSLIOP</title>
<!-- #EndEditable -->
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript">
<!--
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
function MM_findObj(n, d) { //v3.0
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document); return x;
}
function MM_nbGroup(event, grpName) { //v3.0
var i,img,nbArr,args=MM_nbGroup.arguments;
if (event == "init" && args.length > 2) {
if ((img = MM_findObj(args[2])) != null && !img.MM_init) {
img.MM_init = true; img.MM_up = args[3]; img.MM_dn = img.src;
if ((nbArr = document[grpName]) == null) nbArr = document[grpName] = new Array();
nbArr[nbArr.length] = img;
for (i=4; i < args.length-1; i+=2) if ((img = MM_findObj(args[i])) != null) {
if (!img.MM_up) img.MM_up = img.src;
img.src = img.MM_dn = args[i+1];
nbArr[nbArr.length] = img;
} }
} else if (event == "over") {
document.MM_nbOver = nbArr = new Array();
for (i=1; i < args.length-1; i+=3) if ((img = MM_findObj(args[i])) != null) {
if (!img.MM_up) img.MM_up = img.src;
img.src = (img.MM_dn && args[i+2]) ? args[i+2] : args[i+1];
nbArr[nbArr.length] = img;
}
} else if (event == "out" ) {
for (i=0; i < document.MM_nbOver.length; i++) {
img = document.MM_nbOver[i]; img.src = (img.MM_dn) ? img.MM_dn : img.MM_up; }
} else if (event == "down") {
if ((nbArr = document[grpName]) != null)
for (i=0; i < nbArr.length; i++) { img=nbArr[i]; img.src = img.MM_up; img.MM_dn = 0; }
document[grpName] = nbArr = new Array();
for (i=2; i < args.length-1; i+=2) if ((img = MM_findObj(args[i])) != null) {
if (!img.MM_up) img.MM_up = img.src;
img.src = img.MM_dn = args[i+1];
nbArr[nbArr.length] = img;
} }
}
//-->
</script>
</head>
<body bgcolor="#FFFFFF" onLoad="MM_preloadImages('fireworks/nav_bar_r02_c2_f3.gif','fireworks/nav_bar_r02_c2_f2.gif','fireworks/nav_bar_r04_c2_f3.gif','fireworks/nav_bar_r04_c2_f2.gif','fireworks/nav_bar_r04_c2_f4.gif','fireworks/nav_bar_r06_c2_f3.gif','fireworks/nav_bar_r06_c2_f2.gif','fireworks/nav_bar_r06_c2_f4.gif','fireworks/nav_bar_r08_c2_f3.gif','fireworks/nav_bar_r08_c2_f2.gif','fireworks/nav_bar_r08_c2_f4.gif','fireworks/nav_bar_r10_c2_f3.gif','fireworks/nav_bar_r10_c2_f2.gif','fireworks/nav_bar_r10_c2_f4.gif','fireworks/nav_bar_r12_c2_f3.gif','fireworks/nav_bar_r12_c2_f2.gif','fireworks/nav_bar_r12_c2_f4.gif','fireworks/nav_bar_r02_c2_f4.gif')">
<div id="Layer2" style="position:absolute; left:89px; top:32px; width:792px; height:125px; z-index:2">
<h1 align="center"><img src="images/CORBA_Security.jpg" width="500" height="131" align="middle"></h1>
</div>
<div id="Layer3" style="position:absolute; left:257px; top:199px; width:625px; height:1px; z-index:3"><!-- #BeginEditable "Body" -->
<h2>Using SSLIOP</h2>
<hr>
<ul>
<li><a href="#loading">Loading and Configuring the SSLIOP Pluggable Protocol</a></li>
<li><a href="#ssliop_current">Using the <code>SSLIOP::Current</code> Object</a></li>
</ul>
<hr>
<h3><a name="loading"></a>Loading and Configuring the SSLIOP Pluggable Protocol</h3>
<p>TAO implements SSL as a pluggable protocol. As such, it must be dynamically
loaded into the ORB. You must use a service configurator file to do this.
The service configurator options for the ORB are described in detail in <a href="../docs/components.html?rev=HEAD&content-type=text/html">
Options for TAO Components</a>. In this case you have to create a <code>svc.conf</code>
file that includes: </p>
<pre>
dynamic SSLIOP_Factory Service_Object *
TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory() ""
static Resource_Factory "<font color="#009900">-ORBProtocolFactory SSLIOP_Factory</font>"</pre>
<p>Note that "<code>TAO_SSLIOP:_make...</code>" is part of the first
line. This will load the SSLIOP protocol from the library called <code>TAO_SSL</code>
and then use that protocol in the ORB. The SSLIOP protocol has a number of
configuration options that we describe below. </p>
<h4>SSLIOP Options</h4>
<p>Once the SSLIOP protocol is loaded you may want to setup the private key
and certificate files, the authentication level and similar features. This
is done by setting more options in the service configurator file, for example:
</p>
<pre>dynamic SSLIOP_Factory Service_Object *
TAO_SSLIOP:_make_TAO_SSLIOP_Protocol_Factory()"<font color="#009900">-SSLAuthenticate SERVER</font>"</pre>
<p>will enforce validation of the server certificate on each SSL connection.
Note that "<code>TAO_SSLIOP:_make...</code>" is part of the first
line. The complete list of options is: </p>
<p>
<table border="2" cellspacing="2" cellpadding="0" align="center" width="100%" >
<tr>
<th>Option</th>
<th>Description</th>
</tr>
<tr>
<td><code>-SSLNoProtection</code></td>
<td>
<p>On the client side, this option forces request invocations to use the
standard insecure IIOP protocol.</p>
<p>On the server side, use of this option allows invocations on the server
to be made through the standard insecure IIOP protocol. Request invocations
through SSL may still be made.</p>
<p>This option will be deprecated once the <code>SecurityLevel2::SecurityManager</code>
interface as defined in the CORBA Security Service is implemented.</p>
</td>
</tr>
<tr>
<td><code>-SSLCertificate</code> <em>FORMAT:filename</em></td>
<td> Set the name of the file that contains the certificate for this process.
The file can be in Privacy Enhanced Mail (<code>PEM</code>) format or
ASN.1 (<code>ASN1</code>). Remember that the certificate must be signed
by a Certificate Authority recognized by the client. </td>
</tr>
<tr>
<td><code>-SSLPrivateKey</code> <em>FORMAT:filename</em></td>
<td> Set the name of the file that contains the private key for this process.
The private key and certificate files must match. It is extremely important
that you secure your private key! By default the <code>OpenSSL</code>
utilities will generate pass phrase protected private key files. The password
is prompted when you run the CORBA application. </td>
</tr>
<tr>
<td><code>-SSLAuthenticate</code> <em>which</em></td>
<td> Control the level of authentication. The argument can be <code>NONE</code>,
<code>SERVER</code>, <code>CLIENT</code> or <code>SERVER_AND_CLIENT</code>.
Due to limitations in the SSL protocol <code>CLIENT</code> implies that
the server is authenticated too. </td>
</tr>
<tr>
<td><code>-SSLAcceptTimeout</code> <em>which</em></td>
<td>Set the maximum amount of time to allow for establishing a
SSL/TLS passive connection, <em>i.e.</em> for accepting a
SSL/TLS connection. The default value is <code>10</code>
seconds.
<p>See the discussion in <a
href="http://deuce.doc.wustl.edu/bugzilla/show_bug.cgi?id=1348">Bug 1348</a> in our <a href="http://deuce.doc.wustl.edu/bugzilla/index.cgi">bug
tracking system</a> for the rationale behind this option.</td>
</tr>
<tr>
<td><code>-SSLDHParams</code> <em>filename</em></td>
<td>Set the filename containing the Diffie-Hellman parameters to
be used when using DSS-based certificates. The specified
file may be a file containing only Diffie-Hellman
parameters created by "<code>openssl dhparam</code>", or
it can be a certificate containing a PEM encoded set of
Diffie-Hellman parameters.</td>
</tr>
</table>
<h4>Environment variables</h4>
<p>The SSLIOP protocol uses the following environment variables to control its
behavior. </p>
<p>
<table border="2" cellspacing="2" cellpadding="0" width="100%" >
<tr>
<th>Environment Variable</th>
<th>Description</th>
</tr>
<tr>
<td><code>SSL_CERT_FILE</code> <em>filename</em></td>
<td> The name of the file that contains all the trusted certificate authority
self-signed certificates. By default it is set to the value of the <code>ACE_DEFAULT_SSL_CERT_FILE</code>
macro. </td>
</tr>
<tr>
<td><code>SSL_CERT_DIR</code> <em>directory</em></td>
<td> The name of the directory that contains all the trusted certificate
authority self-signed certificates. By default it is set to the value
of the <code>ACE_DEFAULT_SSL_CERT_DIR</code> macro. This directory must
be indexed using the OpenSSL format, i.e. each certificate is aliased
with the following link:
<pre>
$ ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem`.0
</pre>
Consult the documentation of your SSL implementation for more details.
</td>
<tr>
<td><code>SSL_EGD_FILE </code><em>filename</em></td>
<td>The name of the UNIX domain socket that the <a href="http://www.lothar.com/tech/crypto/">Entropy
Gathering Daemon (EGD)</a> is listening on.</td>
<tr>
<td><code>SSL_RAND_FILE </code><em>filename</em></td>
<td>The file that contains previously saved state from OpenSSL's pseudo-random
number generator.</td>
</table>
<hr>
<h3><a name="ssliop_current"></a>Using the <code>SSLIOP::Current</code> Object</h3>
<p></p>
<p>TAO's SSLIOP pluggable protocol allows an application to gain access to the
SSL session state for the current request. For example, it allows an application
to obtain the SSL peer certificate chain associated with the current request
so that the application can decide whether or not to reject the request. This
is achieved by invoking certain operations on the <code>SSLIOP::Current</code>
object. The interface for <code>SSLIOP::Current</code> object is:</p>
<p><code>module <b>SSLIOP</b> {</code></p>
<p><code><font color="#0000FF"># pragma prefix</font> "<font color="#009900">omg.org</font>"</code></p>
<blockquote>
<p><code> <font color="#FF0000">/// A <b>DER</b> encoded X.509 certificate.</font><br>
typedef sequence<octet> ASN_1_Cert;</code></p>
<p><code> <font color="#FF0000">/// A chain of <b>DER</b> encoded X.509 certificates.
The chain<br>
/// is actually a sequence. The sender's certificate is<br>
/// first, followed by any Certificate Authority<br>
/// certificates proceeding sequentially upward.</font><br>
typedef sequence<ASN_1_Cert> SSL_Cert;</code></p>
</blockquote>
<p><code> <font color="#FF0000">/// The following are TAO
extensions.</font><br>
<font color="#0000FF"># pragma prefix</font> "<font color="#009900">ssliop.tao</font>"</code></p>
<blockquote>
<p><code> <font color="#FF0000">/// The SSLIOP::Current interface provides
methods to<br>
/// gain access to the SSL session state for the current<br>
/// execution context.</font><br>
local interface <b>Current</b> : CORBA::Current {</code> </p>
<blockquote>
<p><code> <font color="#FF0000">/// Exception that indicates a SSLIOP::Current<br>
/// operation was invoked outside of an SSL<br>
/// session.</font><br>
exception NoContext {};</code></p>
<p><code> <font color="#FF0000">/// Return the certificate chain associated
with<br>
/// the current execution context. If no SSL<br>
/// session is being used for the request or<br>
/// upcall, then the NoContext exception is<br>
/// raised.</font><br>
SSL_Cert get_peer_certificate_chain ()<br>
raises
(N</code><code>oContext);</code></p>
</blockquote>
<p><code>};</code></p>
</blockquote>
<p><code> <font color="#0000FF"># pragma prefix</font> "<font color="#009900">omg.org</font>"</code></p>
<p><code>};</code></p>
<h4>Obtaining a Reference to the <code>SSLIOP::Current</code> Object</h4>
<p>A reference to the <code>SSLIOP::Current</code> object may be obtained using
the standard <code>CORBA::ORB::resolve_initial_references()</code> mechanism
with the argument <code>"<font color="#009900">SSLIOPCurrent</font>"</code>.
Here is an example:</p>
<blockquote>
<p><code>int argc = 0;</code></p>
<p><code>CORBA::ORB_var orb =<br>
CORBA::ORB_init (argc, "", "<font color="#009900">my_orb</font>");</code></p>
<p><code>CORBA::Object_var obj =<br>
orb->resolve_initial_references ("<font color="#009900">SSLIOPCurrent</font>");</code></p>
<p><code><b>SSLIOP</b>::<b>Current_var</b> ssliop =<br>
<b>SSLIOP</b>::<b>Current</b>::_narrow (obj.in ());</code></p>
</blockquote>
<h4>Examining the Peer Certificate for the Current Request Using <a href="http://www.openssl.org/">OpenSSL</a></h4>
<p>Once a reference to the <code>SSLIOP::Current</code> object has been retrieved,
the peer certificate for the current request may be obtained by invoking the
<code>SSLIOP::get_peer_certificate</code> method, as follows:</p>
<blockquote>
<p><code><font color="#FF0000">// This method can throw a <b>SSLIOP::Current::NoContext</b><br>
// exception if it is not invoked during a request being<br>
// performed over SSL.</font><br>
<b>SSLIOP::ASN_1_Cert_var</b> cert =<br>
ssliop->get_peer_certificate ();</code></p>
</blockquote>
<p>The retrieved X.509 peer certificate is in DER (a variant of ASN.1) format.
DER is the on-the-wire format used to transmit certificates between peers.
</p>
<p> OpenSSL can be used to examine the certificate. For example, to extract
and display the certificate issuer from the DER encoded X.509 certificate,
the following can be done:</p>
<blockquote>
<p><code><font color="#0000FF">#include</font> <<font color="#009900">openssl/x509.h</font>><br>
<font color="#0000FF">#include</font> <<font color="#009900">iostream</font>></code><code><br>
<font color="#FF0000">.<br>
.<br>
.</font> <br>
<font color="#FF0000">// Obtain the underlying buffer from the<br>
// SSLIOP::ASN_1_Cert.</font><br>
CORBA::Octet *der_cert = cert->get_buffer ();<br>
<br>
char buf[BUFSIZ];<br>
<br>
<font color="#FF0000">// Convert the DER encoded X.509 certificate into<br>
// OpenSSL's internal format.</font><br>
<b>X509</b> *peer = ::<b>d2i_X509</b> (0, &der_cert, cert->length ());<br>
<br>
::<b>X509_NAME_oneline</b> (<br>
::<b>X509_get_issuer_name</b> (peer),<br>
buf,<br>
BUFSIZ);<br>
<br>
std::cout << "<font color="#009900">Certificate issuer: </font>"
<< buf << std::endl;<br>
<br>
::<b>X509_free</b> (peer);</code></p>
</blockquote>
<p> </p>
<address></address>
<table width="100%" border="0">
<tr>
<td>
<p><font face="Georgia, Times New Roman, Times, serif"><font face="Arial, Helvetica, sans-serif"><a href="mailto:ossama@dre.vanderbilt.edu">Ossama
Othman<br>
</a></font></font><font face="Georgia, Times New Roman, Times, serif"><a href="mailto:coryan@uci.edu"><font face="Arial, Helvetica, sans-serif">Carlos
O'Ryan</font></a><font face="Arial, Helvetica, sans-serif"> </font></font></p>
</td>
<td><a href="http://www.openssl.org/"><img src="images/openssl_button.gif" width="102" height="47" align="right" border="0"></a></td>
</tr>
</table>
<h2> </h2>
<!-- #EndEditable --></div>
<div id="Layer1" style="position:absolute; left:87px; top:162px; width:153px; height:373px; z-index:4"><!-- Image with table -->
<table border="0" cellpadding="0" cellspacing="0" width="158">
<!-- fwtable fwsrc="Untitled" fwbase="nav_bar.gif" -->
<tr> <!-- Shim row, height 1. -->
<td><img src="/fireworks/shim.gif" width="9" height="1" border="0" name="undefined_2"></td>
<td><img src="/fireworks/shim.gif" width="141" height="1" border="0" name="undefined_2"></td>
<td><img src="/fireworks/shim.gif" width="8" height="1" border="0" name="undefined_2"></td>
<td><img src="/fireworks/shim.gif" width="1" height="1" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 1 -->
<td colspan="3"><img name="nav_bar_r01_c1" src="fireworks/nav_bar_r01_c1.gif" width="158" height="35" border="0"></td>
<td><img src="/fireworks/shim.gif" width="1" height="35" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 2 -->
<td rowspan="12"><img name="nav_bar_r02_c1" src="fireworks/nav_bar_r02_c1.gif" width="9" height="342" border="0"></td>
<td><a href="index.html" onMouseOut="MM_nbGroup('out');" onMouseOver="MM_nbGroup('over','Home','fireworks/nav_bar_r02_c2_f2.gif','fireworks/nav_bar_r02_c2_f4.gif',1)" onClick="MM_nbGroup('down','navbar1','Home','fireworks/nav_bar_r02_c2_f3.gif',1)" ><img name="Home" src="fireworks/nav_bar_r02_c2.gif" border="0" onLoad=""></a></td>
<td rowspan="12"><img name="nav_bar_r02_c3" src="fireworks/nav_bar_r02_c3.gif" width="8" height="342" border="0"></td>
<td><img src="/fireworks/shim.gif" width="1" height="36" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 3 -->
<td><img name="nav_bar_r03_c2" src="fireworks/nav_bar_r03_c2.gif" width="141" height="5" border="0"></td>
<td><img src="/fireworks/shim.gif" width="1" height="5" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 4 -->
<td><a href="Download.html" onMouseOut="MM_nbGroup('out');" onMouseOver="MM_nbGroup('over','Download','fireworks/nav_bar_r04_c2_f2.gif','fireworks/nav_bar_r04_c2_f4.gif',1)" onClick="MM_nbGroup('down','navbar1','Download','fireworks/nav_bar_r04_c2_f3.gif',1)" ><img name="Download" src="fireworks/nav_bar_r04_c2.gif" width="141" height="36" border="0" onLoad=""></a></td>
<td><img src="/fireworks/shim.gif" width="1" height="36" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 5 -->
<td><img name="nav_bar_r05_c2" src="fireworks/nav_bar_r05_c2.gif" width="141" height="5" border="0"></td>
<td><img src="/fireworks/shim.gif" width="1" height="5" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 6 -->
<td><a href="http://www.cs.wustl.edu/~schmidt/TAO.html" onMouseOut="MM_nbGroup('out');" onMouseOver="MM_nbGroup('over','TAO','fireworks/nav_bar_r06_c2_f2.gif','fireworks/nav_bar_r06_c2_f4.gif',1)" onClick="MM_nbGroup('down','navbar1','TAO','fireworks/nav_bar_r06_c2_f3.gif',1)" ><img name="TAO" src="fireworks/nav_bar_r06_c2.gif" width="141" height="36" border="0" onLoad=""></a></td>
<td><img src="/fireworks/shim.gif" width="1" height="36" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 7 -->
<td><img name="nav_bar_r07_c2" src="fireworks/nav_bar_r07_c2.gif" width="141" height="5" border="0"></td>
<td><img src="/fireworks/shim.gif" width="1" height="5" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 8 -->
<td><a href="SSLIOP.html" onMouseOut="MM_nbGroup('out');" onMouseOver="MM_nbGroup('over','SSLIOP','fireworks/nav_bar_r08_c2_f2.gif','fireworks/nav_bar_r08_c2_f4.gif',1)" onClick="MM_nbGroup('down','navbar1','SSLIOP','fireworks/nav_bar_r08_c2_f3.gif',1)" ><img name="SSLIOP" src="fireworks/nav_bar_r08_c2.gif" width="141" height="36" border="0" onLoad=""></a></td>
<td><img src="/fireworks/shim.gif" width="1" height="36" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 9 -->
<td><img name="nav_bar_r09_c2" src="fireworks/nav_bar_r09_c2.gif" width="141" height="5" border="0"></td>
<td><img src="/fireworks/shim.gif" width="1" height="5" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 10 -->
<td><a href="Security_Service.html" onMouseOut="MM_nbGroup('out');" onMouseOver="MM_nbGroup('over','Security_Service','fireworks/nav_bar_r10_c2_f2.gif','fireworks/nav_bar_r10_c2_f4.gif',1)" onClick="MM_nbGroup('down','navbar1','Security_Service','fireworks/nav_bar_r10_c2_f3.gif',1)" ><img name="Security_Service" src="fireworks/nav_bar_r10_c2.gif" width="141" height="36" border="0" onLoad=""></a></td>
<td><img src="/fireworks/shim.gif" width="1" height="36" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 11 -->
<td><img name="nav_bar_r11_c2" src="fireworks/nav_bar_r11_c2.gif" width="141" height="5" border="0"></td>
<td><img src="/fireworks/shim.gif" width="1" height="5" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 12 -->
<td><a href="FAQ.html" onMouseOut="MM_nbGroup('out');" onMouseOver="MM_nbGroup('over','FAQ','fireworks/nav_bar_r12_c2_f2.gif','fireworks/nav_bar_r12_c2_f4.gif',1)" onClick="MM_nbGroup('down','navbar1','FAQ','fireworks/nav_bar_r12_c2_f3.gif',1)" ><img name="FAQ" src="fireworks/nav_bar_r12_c2.gif" width="141" height="36" border="0" onLoad=""></a></td>
<td><img src="/fireworks/shim.gif" width="1" height="36" border="0" name="undefined_2"></td>
</tr>
<tr valign="top"><!-- row 13 -->
<td><img name="nav_bar_r13_c2" src="fireworks/nav_bar_r13_c2.gif" width="141" height="101" border="0"></td>
<td><img src="/fireworks/shim.gif" width="1" height="101" border="0" name="undefined_2"></td>
</tr>
<!-- This table was automatically created with Macromedia Fireworks 3.0 -->
<!-- http://www.macromedia.com -->
</table>
</div>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td> </td>
</tr>
</table>
</body>
<!-- #EndTemplate -->
</html>
|
