TibrvSdContext::setDaemonCert()
Method
Declaration
static TibrvStatus setDaemonCert(
    const char* daemonName,
    const char* daemonCert);
#define TIBRV_SECURE_DAEMON_ANY_NAME (NULL)
#define TIBRV_SECURE_DAEMON_ANY_CERT (NULL)
Purpose
Register trust in a secure daemon.
Remarks
When any program transport connects to a secure daemon, it verifies the daemon’s identity using TLS protocols. Certificates registered using this method identify trustworthy daemons. Programs divulge user names and passwords to daemons that present registered certificates.
| Parameter | Description |
| --- | --- |
| daemonName | Register a certificate for a secure daemon with this name. For the syntax and semantics of this parameter, see Daemon Name, below. |
| daemonCert | Register this public certificate. The text of this certificate must be in PEM encoding. See also Certificate. |
Daemon Name
The daemon name is a three-part string of the form:
ssl:host:port_number
This string must be identical to the string you supply as the daemon argument to the transport creation call; see TibrvNetTransport::create().
Colon characters (:) separate the three parts.
ssl indicates the protocol to use when attempting to connect to the daemon.
host indicates the host computer of the secure daemon. You can specify this host either as a network IP address, or a hostname. Omitting this part specifies the local host.
port_number specifies the port number where the secure daemon listens for TLS connections.
(This syntax is similar to the syntax for connecting to remote daemons, with the addition of the prefix ssl.)
In place of this three-part string, you can also supply the constant TIBRV_SECURE_DAEMON_ANY_NAME. This form lets you register a catch-all certificate that applies to any secure daemon for which you have not explicitly registered another certificate. For example, you might use this form when several secure daemons share the same certificate.
Certificate
For important details, see CA-Signed Certificates.
In place of an actual certificate, you can also supply the constant TIBRV_SECURE_DAEMON_ANY_CERT. The program then accepts any certificate from the named secure daemon. For example, you might use this form when testing a secure daemon configuration, before generating any actual certificates.
Any Name and Any Certificate
Notice that the constants TIBRV_SECURE_DAEMON_ANY_NAME and TIBRV_SECURE_DAEMON_ANY_CERT each eliminate one of the two security checks before transmitting sensitive identification data to a secure daemon. We strongly discourage using both of these constants simultaneously, because that would eliminate all security checks, leaving the program vulnerable to unauthorized daemons.
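
A pre-flight check a program could run on the two arguments before registering them, as an added example that is not part of the TIBCO documentation or library. The names `checkRegistration`, `RegCheck`, the host `rvd-host`, port 7500 and the placeholder certificate text are assumptions made for illustration; `nullptr` stands in for the two ANY constants, which the declaration above defines as NULL.

```cpp
#include <cstdlib>
#include <string>

// Result of checking a (daemonName, daemonCert) pair before registration.
enum class RegCheck { Ok, AnyNameOnly, AnyCertOnly, NoChecksLeft, BadName, BadPem };

// Constructed placeholder in PEM framing; not a real certificate.
static const char kSamplePem[] =
    "-----BEGIN CERTIFICATE-----\nCONSTRUCTEDPLACEHOLDER\n-----END CERTIFICATE-----\n";

// Strict reading of "ssl:host:port_number": the prefix is required, the host
// may be empty (local host), the port must be a number in 1..65535.
static bool validDaemonName(const std::string& name) {
    if (name.compare(0, 4, "ssl:") != 0) return false;
    const std::size_t lastColon = name.rfind(':');
    if (lastColon < 4) return false;            // only two parts, e.g. "ssl:7500"
    const std::string port = name.substr(lastColon + 1);
    if (port.empty() || port.size() > 5) return false;
    for (char c : port) if (c < '0' || c > '9') return false;
    const long p = std::strtol(port.c_str(), nullptr, 10);
    return p >= 1 && p <= 65535;
}

// Framing check only: confirms PEM markers are present and ordered.
static bool looksLikePem(const std::string& cert) {
    const std::size_t b = cert.find("-----BEGIN CERTIFICATE-----");
    const std::size_t e = cert.find("-----END CERTIFICATE-----");
    return b != std::string::npos && e != std::string::npos && b < e;
}

RegCheck checkRegistration(const char* daemonName, const char* daemonCert) {
    // Any name together with any certificate removes both identity checks.
    if (!daemonName && !daemonCert) return RegCheck::NoChecksLeft;
    if (daemonName && !validDaemonName(daemonName)) return RegCheck::BadName;
    if (daemonCert && !looksLikePem(daemonCert)) return RegCheck::BadPem;
    if (!daemonName) return RegCheck::AnyNameOnly;   // catch-all certificate
    if (!daemonCert) return RegCheck::AnyCertOnly;   // test configuration only
    return RegCheck::Ok;
}

int main() {
    // Only an Ok pair would then be passed to TibrvSdContext::setDaemonCert().
    return checkRegistration("ssl:rvd-host:7500", kSamplePem) == RegCheck::Ok ? 0 : 1;
}
```

A build for production could treat `AnyCertOnly` as an error as well, since the page describes that form as suited to testing before certificates exist.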