Skip to main content

Connect client software to FairCom's ISAM, CTDB, and SQL APIs

Use TLS to connect client software to FairCom's ISAM, CTDB, and SQL APIs

Abstract

Use TLS to connect client software to FairCom's ISAM, CTDB, and SQL APIs

FairCom’s ISAM, SQL ODBC, and SQL JDBC client libraries require putting a server certificate file in the client process' working directory. This file must be a PEM file containing the server certificate.  By default, the file must be named ctsrvr.pem

Client software can use the following code to register a certificate that FairCom's driver will use to validate the server certificate:ctSetCommProtocolOption

ctSetCommProtocolOption(ctCOMMOPT_FSSLTCP_SERVER_CERTIFICATE, "my server cert.pem");

If you want to establish TLS communications with a FairCom server but do not want to verify the server’s identity, use the following code to register an empty server certificate file name with FairCom’s client software. This approach is vulnerable to a man-in-the-middle attack.ctSetCommProtocolOption

ctSetCommProtocolOption(ctCOMMOPT_FSSLTCP_SERVER_CERTIFICATE, "");

If an error occurs when connecting using TLS, the connection attempt returns error 1104 (SSLCONN_ERR)

For troubleshooting, client software can use the following code to enable TLS logging to the specified file name:ctSetCommProtocolOption

ctSetCommProtocolOption(ctCOMMOPT_FSSLTCP_DEBUG_LOG, "ssldebug.log"); 

Alternatively, you can also set the environment variable CTSSL_DEBUG_LOG to the name of the SSL debug log file. 

You can use TLS security keywords to modify TLS behavior on a FairCom server.