Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 17 » MobiLink and SAP HANA Remote Data Sync - Client Administration » MobiLink client network protocol options

skip_certificate_name_check MobiLink protocol option

Controls whether the client library skips the check of the server host name against the database server certificate host names.

Available protocols

HTTPS, TLS

Default

None

Remarks

Set this boolean option to ON or OFF to control whether the host name of the database server matches any of the host names in the server's certificate. Note, however, that enabling this option may prevent the client from fully authenticating the server, leaving it vulnerable to attack.

When initiating TLS or HTTPS connections, the client libraries will check the host name of the database server against the certificate provided by that server. This check will only happen if none of the certificate_name, certificate_company, or certificate_unit options are specified, or the skip_certificate_name_check option is not enabled. If any of certificate_name, certificate_company, or certificate_unit are specified, only those options are verified. The skip_certificate_name_check option disables the host name check when enabled.

The client matches the host name of the server against the host names listed in the subjectAltName (Subject Alternative Name or SAN) extension and the Common Name (CN) field if the SAN is not present. The SAN may contain multiple host names with wild cards. For example, a Google certificate might include *.google.com, *.google.ca, and *.android.com. Thus, www.google.ca is a valid host name.

HTTPS is only supported for web services client procedures.

Example

The following connection string fragment verifies that myrootcert.crt is at the root of the database server's certificate's signing chain but does not verify that myhost.com is identified in the certificate.

HOST=myhost.com;SERVER=myserver;ENCRYPTION=TLS(trusted_certificate=myrootcert.crt;skip_certificate_name_check=ON)