SSLCRC | TLS Connections | CLIv2 - SSLCRC - Call-Level Interface Version 2

Teradata® Call-Level Interface Version 2 Reference for Workstation-Attached Systems - 20.00

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
Lake
VMware
Product
Call-Level Interface Version 2
Release Number
20.00
Published
January 2024
Language
English (United States)
Last Update
2024-05-14
dita:mapPath
bmn1691484839905.ditamap
dita:ditavalPath
obe1474387269547.ditaval
dita:id
fvz1470444150352
Product Category
Teradata Tools and Utilities

Use SSLCRC to control what certificate revocation status values CLI will allow a TLS connection to be made.

Value Description
allow Establish the session if the certificate chain status is GOOD or UNKNOWN.

Client products will not establish a session when the certificate is definitively REVOKED.

This is the default value for CLI.

require Client products will establish a session when the certificate chain status is definitively GOOD, and return an error for any other status.

Certificate revocation status is only checked if sslmode=verify-full. For any other values of sslmode, certificate status is not checked.

The parameter can be set in the following locations:

clispb.dat (For more information, see System Parameter Block (SPB) Processing.)

Add the following line to clispb.dat:

sslcrc={allow | require}

Environment variable

Set the following environment variable prior to running the client application:

Non-Windows:

$ export SSLCRC={allow | require}

Windows:

C:\> set SSLCRC={allow | require}

DBCAREA Connection string

The connect_ptr parameter in the DBCAREA structure can be set to a string containing the sslocsp attribute:

dbcarea.connect_ptr = "sslcrc={allow | require}"

Set the dbcarea.connect_len parameter to the length of the string assigned to dbcarea.connect_ptr.

The order of precedence for the these methods is as follows:

  1. clispb.dat
  2. Environment variable
  3. dbcarea.connect_ptr