Using SSL v17

EDB Postgres Advanced Server provides native support for using SSL connections to encrypt client/server communications for increased security. In OCL, it's controlled by setting the sslmode parameter to verify-full or verify-ca and providing the system with a root certificate to verify against.

Steps of SSL configuration

  1. Configure the server and client-side certificates. For detailed information about configuring SSL client and server-side certificates, refer to the PostgreSQL SSL documentation.

  2. Enable the SSL OCL connection. In an OCL client application, you can enable SSL mode by setting the EDB_ATTR_SSL attribute in Session:

char* sslmode = "verify-full";
retValue = OCIAttrSet((dvoid*)authp,
                      (ub4)OCI_HTYPE_SESSION,
                      (dvoid*)sslmode,
                      (ub4)strlen((char*)sslmode),
                      (ub4)EDB_ATTR_SSL,
                      errhp);
Note

EDB_ATTR_SSL is defined in the edboci.h header file available in the installation directory.

  1. After setting the SSL attribute, you can use the OCILogon function to create a connection:
OCILogon(pEnv,pError,&pSvc,(OraText*)pUsername,ub4)UsernameLen,
        (OraText*)pPassword,(ub4)PasswordLen,
        (OraText*)pDatabase,(ub4)DatabaseLen);

Once the server is authenticated, then the client is ready to pass sensitive data.

For more information about the supported SSL mode options, see the PostgreSQL SSL documentation.