There are several ways for client software using ISAM and CTDB APIs to use a client certificate to authenticate with a FairCom server.
- Client software can use the following code to register a client certificate for authenticating with a FairCom server:
ctSetCommProtocolOption(ctCOMMOPT_FSSLTCP_CLIENT_CERTIFICATE,"my_client_cert.pem");
This may be overridden by the environment variableCTSSL_CLIENT_CERTIFICATE
When you register a client certificate, the InitISAMX() function ignores the userid and userword arguments.
- Client software can use the following code to register a private key and prove ownership when authenticating with a FairCom server:
ctSetCommProtocolOption(ctCOMMOPT_FSSLTCP_CLIENT_KEY,"my_client_key.pem");
This may be overridden by the environment variableCTSSL_CLIENT_KEY - If the private key is encrypted, use the following code to register a private key password to decrypt an encrypted private key:
ctSetCommProtocolOption(ctCOMMOPT_FSSLTCP_CLIENT_PASSPHRASE,your_function_to_return_passphrase();
Note Before client software can use client certificate authentication, you must enable this feature on a FairCom server.