ssl - SSL connection to Db2 fails if the SSLClientKeystoredb and SSLClientKeystash keywords are used. C++
Problem description
On the server, I created a kdb store with a self-signed certificate:
gsk8capicmd_64.exe -keydb -create -db server.kdb -stash -genpw
gsk8capicmd_64.exe -cert -create -db server.kdb -stashed -label server_cert -dn "CN=TestCompany"
gsk8capicmd_64.exe -cert -extract -db server.kdb -stashed -label server_cert -target server_cert.arm -format ascii
Configured the Db2 instance to use SSL:
db2 "UPDATE DBM CFG USING SSL_SVR_KEYDB <full path to server.kdb>"
db2 "UPDATE DBM CFG USING SSL_SVR_STASH <full path to server.sth>"
db2 "UPDATE DBM CFG USING SSL_SVR_LABEL server_cert"
db2 "UPDATE DBM CFG USING SSL_SVCENAME db2cs_DB2"
db2set -i <instance_name> DB2COMM=SSL
db2stop
db2start
On the client, added server_cert.arm to the client store:
gsk8capicmd_64.exe -keydb -create -db client.kdb -stash -genpw
gsk8capicmd_64.exe -cert -add -db client.kdb -stashed -label client_cert -file server_cert.arm -format ascii
On the server, I created the database TDB and cataloged it on the client machine:
db2 "CATALOG TCPIP NODE SSLNODE REMOTE ... SERVER ... SECURITY SSL"
db2 "CATALOG DB TDB AS TDBSSL AT NODE SSLNODE"
Set SSL_CLNT_KEYDB and SSL_CLNT_STASH to test the connection:
db2 "UPDATE DBM CFG USING SSL_CLNT_KEYDB <full path to client.kdb>"
db2 "UPDATE DBM CFG USING SSL_CLNT_STASH <full path to client.sth>"
db2stop
db2start
And
db2 connect to TDBSSL user ... using ...
works.
Restored the client instance configuration to its original state:
db2 "UPDATE DBM CFG USING SSL_CLNT_KEYDB NULL"
db2 "UPDATE DBM CFG USING SSL_CLNT_STASH NULL"
db2stop
db2start
Next I tried to connect to TDBSSL from C++ code. If I use a connection string like
DSN=TDBSSL;UID=...;PWD=...;Security=ssl;SSLServerCertificate=<full path to server_cert.arm>
then the connection is established.
But if I use the SSLClientKeystoredb and SSLClientKeystash keywords
DSN=TDBSSL;UID=...;PWD=...;Security=ssl;SSLClientKeystoredb=<full path to client.kdb>;SSLClientKeystash=<full path to client.sth>;
the connection fails with the error
[IBM][CLI Driver] SQL30081N A communication error has been detected. Communication protocol being used: "SSL". Communication API being used: "SOCKETS". Location where the error was detected: "". Communication function detecting the error: "sqlccSSLSocketSetup". Protocol specific error code(s): "414", "*", "*". SQLSTATE=08001
Maybe I am missing something and the second connection string is wrong or should contain some additional keywords?
Client db2level
DB21085I This instance or install (instance name, where applicable: "DB2")
uses "64" bits and DB2 code release "SQL11013" with level identifier
"0204010F".
Informational tokens are "DB2 v11.1.3030.239", "s1803021700",
"DYN1803021700WIN64", and Fix Pack "3".
Product is installed at "C:\PROGRA~1\IBM\SQLLIB" with DB2 Copy Name "DB2COPY1"
Server db2level
DB21085I This instance or install (instance name, where applicable: "d111a1")
uses "64" bits and DB2 code release "SQL11014" with level identifier
"0205010F".
Informational tokens are "DB2 v11.1.4.4", "s1808090100", "DYN1808090100AMD64",
and Fix Pack "4".
Product is installed at "/opt/ibm/db2/V11.1_01".
Solution