Using SSL v14

Suggest edits

EDB Postgres Advanced Server provides native support for using SSL connections to encrypt client/server communications for increased security. In OCL, it's controlled by setting the sslmode parameter to verify-full or verify-ca and providing the system with a root certificate to verify against.

Steps of SSL configuration

Configure the server and client-side certificates. For detailed information about configuring SSL client and server-side certificates, refer to the PostgreSQL SSL documentation.
Enable the SSL OCL connection:
In an OCL client application, you can enable SSL mode by setting the EDB_ATTR_SSL attribute in Session.

char* sslmode = "verify-full";
retValue = OCIAttrSet((dvoid*)authp,
                      (ub4)OCI_HTYPE_SESSION,
                      (dvoid*)sslmode,
                      (ub4)strlen((char*)sslmode),
                      (ub4)EDB_ATTR_SSL,
                      errhp);

Note

EDB_ATTR_SSL is defined in the edboci.h header file available in the installation directory.

After setting SSL attribute, you can use the OCILogon function to create a connection:

OCILogon(pEnv,pError,&pSvc,(OraText*)pUsername,ub4)UsernameLen,
        (OraText*)pPassword,(ub4)PasswordLen,
        (OraText*)pDatabase,(ub4)DatabaseLen);

Once the server is authenticated, then the client is ready to pass sensitive data.

For more information about the supported SSL mode options, see the PostgreSQL SSL documentation.

On this page
Steps of SSL configuration