If specified, the application only accepts server certificates when the Organization field on the certificate matches this value.
ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.
MobiLink clients trust all certificates signed by the certificate authority, so they may also trust certificates that the same certificate authority has issued to other companies. Without a means to discriminate, your clients might mistake a competitor's MobiLink server for your own and accidentally send it sensitive information. This option specifies a further level of verification, that the Organization field in the identity portion of the certificate also matches a value you specify.
For information about how to set network protocol options with dbmlsync, see CommunicationAddress (adr) extended option.
For information about how to set network protocol options with UltraLite, see Network protocol options for UltraLite synchronization streams.
The following examples tell a SQL Anywhere client to check all three identity fields and to accept only the named values. This example verifies all three fields. You can instead choose to verify only one or two fields.
For example, if you have SQL Anywhere clients you can set up certificate verification in the subscription as follows:
CREATE SYNCHRONIZATION SUBSCRIPTION FOR 'user01' TO test_pub ADDRESS 'port=3333; trusted_certificates=certicom.crt; certificate_company=Sybase, Inc.; certificate_unit=iAnywhere;certificate_name=sample'
In an UltraLite application written in embedded SQL in C or C++, you can set up certificate verification as follows, assuming that the trusted certificate was installed in the database when the database was created:
ul_synch_info info; info.stream = "tls"; info.stream_parms = UL_TEXT("port=9999;") UL_TEXT ( "certificate_company=Sybase, Inc.;" ) UL_TEXT ( "certificate_unit=iAnywhere;" ) UL_TEXT ( "certificate_name=sample;" ); ... ULSynchronize( &info );
|Discuss this page in DocCommentXchange.
Send feedback about this page using email.
|Copyright © 2009, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.1|