This page provides guidelines on enabling TLS in NuoDB's C++ driver.
Note: For the C++ driver to use TLS, the domain first needs to be set up for TLS. For more information, see Enabling TLS Encryption.
The trustStore
property must be provided in the Connection::create
method, as seen in the following example:
connection = Connection::create( dbName, "dba", // username "goalie", // password 2, // number of properties "schema", "hello", "trustStore", "<NUODB_HOME>/var/etc/nuoadmin.cert" ); }
Note: The truststore is expected to either be a file in PEM format or a directory containing multiple PEM files.
By default, the C++ driver is set up to match the DN name in the certificate against the hostname. To disable hostname verification, set the verifyHostname
connection property to false
. For more information on using verifyHostname
, see Connection Properties.
Note: OpenSSL does not support *.tld
wildcards as part of the Subject Alternative Name. The non-wildcard portion of the domain name needs to have at least two labels. If you try to use the C++ driver with hostname verification enabled, it fails with "certificate verify failed".