Enabling TLS in the C++ Driver

This page provides guidelines on enabling TLS in NuoDB’s C++ driver.

For the C++ driver to use TLS, the domain first needs to be set up for TLS. For more information, see Configuring NuoDB Admin TLS Encryption.

The trustStore property must be provided in the Connection::create method, as seen in the following example:

connection = Connection::create(
                   "<database>@<host>",    // database name (placeholder)
                   "dba",                  // username
                   "goalie",               // password
                   2,                      // number of properties
                   "schema", "hello",
                   "trustStore", "<NUODB_HOME>/var/etc/nuoadmin.cert"
                   );

The truststore is expected to be either a file in PEM format or a directory containing multiple PEM files.

By default, the C++ driver matches the DN in the certificate against the hostname. To disable hostname verification, set the verifyHostname connection property to false. For more information on using verifyHostname, see Connection Properties.

OpenSSL does not support *.tld wildcards as part of the Subject Alternative Name. The non-wildcard portion of the domain name needs to have at least two labels. If you use the C++ driver with hostname verification enabled and a certificate that relies on such a wildcard, the connection fails with "certificate verify failed".
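
The following added example (not NuoDB or OpenSSL code) models the wildcard rule above so that Subject Alternative Name entries can be checked before a certificate is issued. The names checkSanPattern and sanMatchesHost are hypothetical, only the "*.<suffix>" wildcard form is modelled, and the wildcard is assumed to cover exactly one label, which is OpenSSL's default behaviour.

```cpp
#include <algorithm>
#include <cctype>
#include <initializer_list>
#include <iostream>
#include <string>

enum class SanCheck { Ok, WildcardTooBroad, WildcardUnsupportedForm };

// True when s has at least two non-empty labels ("example.com", not "com").
static bool hasTwoLabels(const std::string& s) {
    const size_t dot = s.find('.');
    return dot != std::string::npos && dot > 0 && s.back() != '.' &&
           s.find("..") == std::string::npos;
}

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Classify one SAN dNSName entry: names without '*' pass; "*.<suffix>" passes
// only if the suffix has two or more labels, so "*.com" is too broad.
SanCheck checkSanPattern(const std::string& pattern) {
    if (pattern.find('*') == std::string::npos) return SanCheck::Ok;
    if (pattern.compare(0, 2, "*.") != 0 || pattern.find('*', 1) != std::string::npos)
        return SanCheck::WildcardUnsupportedForm;  // assumption: other forms not modelled
    return hasTwoLabels(pattern.substr(2)) ? SanCheck::Ok : SanCheck::WildcardTooBroad;
}

// Case-insensitive match of a host against one SAN entry under the rule above.
bool sanMatchesHost(const std::string& pattern, const std::string& host) {
    const std::string p = lower(pattern), h = lower(host);
    if (p.find('*') == std::string::npos) return p == h;
    if (checkSanPattern(p) != SanCheck::Ok) return false;
    const std::string suffix = p.substr(1);  // e.g. ".example.com"
    if (h.size() <= suffix.size()) return false;
    if (h.compare(h.size() - suffix.size(), suffix.size(), suffix) != 0) return false;
    // The wildcard stands for exactly one label, so no dot may remain in front.
    return h.substr(0, h.size() - suffix.size()).find('.') == std::string::npos;
}

int main() {
    for (const char* san : {"*.com", "*.example.com", "db1.example.com"})  // constructed values
        std::cout << san << " -> "
                  << (checkSanPattern(san) == SanCheck::Ok ? "usable" : "rejected") << "\n";
}
```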