A shared memory performance enhancement has been enabled for all Unix platforms, starting with the base c-treeACE V11.6 line. The following changes have now been well proven in production use since late fall of 2017.
The Unix/Linux shared memory communication protocol has been changed to improve performance by improving the internal spin operation to be more efficient, especially for relatively short database operations.
Compatibility Note: It is important to recompile the client due to this shared memory change. A server that uses this modified shared memory protocol only supports shared memory connections from clients that also use this new enhanced protocol. If an older client (pre-V11.6) attempts to connect, it will fail with error SHMC_ERR (841) and the server will log the following message to CTSTATUS.FCS:
Fri May 26 12:13:07 2017
- User# 00016 FSHAREMM: The client's shared memory version (3) is not compatible with the server's shared memory version (4)
SUBSYSTEM COMM_PROTOCOL SSL section to ctsrvr.cfg containing your specified TLS configuration options. Supported options include:
If x509_AUTHENTICATION is enabled, the following keywords are used to extract a username from the subject field of a successfully authenticated client x509 certificate.
NOTE: all name matching is case insensitive, as is the resulting user name used for login.
If the server has the following configuration:
x509_REQUIREMENT faircom inc
A valid certificate would resolve the user name as "John Doe" with the following subject:
Subject: C=US, ST=Missouri, O=FairCom Inc, OU=R&D, CN=John Doe/emailAddressfirstname.lastname@example.org
It would NOT resolve the user name as “admin" using the following subject, because "Acme Inc" does not match the x509_REQUIREMENT “FairCom Inc”, and an error would be returned.
Subject: C=US, ST=Missouri, O=Acme Inc, OU=R&D, CN=admin/emailAddressemail@example.com
Use the SUBSYSTEM COMM_PROTOCOL SSL keyword DEBUG_LOG = <log file> to aid in debugging certificate name matching.