Using SSL v17

Suggest edits

EDB Postgres Advanced Server provides native support for using SSL connections to encrypt client/server communications for increased security. In OCL, it's controlled by setting the sslmode parameter to verify-full or verify-ca and providing the system with a root certificate to verify against.

Steps of SSL configuration

Configure the server and client-side certificates. For detailed information about configuring SSL client and server-side certificates, refer to the PostgreSQL SSL documentation.
Enable the SSL OCL connection. In an OCL client application, you can enable SSL mode by setting the EDB_ATTR_SSL attribute in Session:

char* sslmode = "verify-full";
retValue = OCIAttrSet((dvoid*)authp,
                      (ub4)OCI_HTYPE_SESSION,
                      (dvoid*)sslmode,
                      (ub4)strlen((char*)sslmode),
                      (ub4)EDB_ATTR_SSL,
                      errhp);

Note

EDB_ATTR_SSL is defined in the edboci.h header file available in the installation directory.

After setting the SSL attribute, you can use the OCILogon function to create a connection:

OCILogon(pEnv,pError,&pSvc,(OraText*)pUsername,ub4)UsernameLen,
        (OraText*)pPassword,(ub4)PasswordLen,
        (OraText*)pDatabase,(ub4)DatabaseLen);

Once the server is authenticated, then the client is ready to pass sensitive data.

For more information about the supported SSL mode options, see the PostgreSQL SSL documentation.

On this page
Steps of SSL configuration

← Prev

Generating the OCL trace

↑ Up

EDB OCL Connector

Scram compatibility

Using SSL v17

Steps of SSL configuration

Note

← Prev

↑ Up

Next →