verify_server

Determines whether a TLS server's certificate will be verified. The default is no.

verify_server | vfy_srv= {yes | y | 1} | {no | n | 0}

Use

This setting must be set to the same (or equivalent) value in the assignment files of both the TLS client and TLS server.

Description

To enable server verification, this setting must be set to yes in the TLS server's assignment file, and to yes in the TLS client assignment files.

To disable server verification, omit this option completely, or set verify_server=no in both the TLS client and the TLS server assignment files.

Defining Connection Profile for Server Verification

The following assignment settings show the matching connection profile definitions in the TLS client and TLS server assignment files:

;client.asn
[NET_SETTINGS]
CheckServer=verify_server=yes, ca_certificate=servercert.crt
;urouter.asn
[NET_SETTINGS]
CheckServer=verify_server=yes, server_certificate=servercert.crt, %\
            server_key=server.key, server_key_password=pa5sWord

Default Connection Profile for Server Verification

The server certificate and key are not specified, so it is assumed they are in usys:server.crt and usys:server.key.

;client.asn
[DRIVER_SETTINGS]
USYS$TLS_PARAMS=verify_server=yes

In the matching TLS server assignment file, the CA certificate is not specified, so it is assumed to be in usys:ca-bundle.crt:

;urouter.asn
[DRIVER_SETTINGS]
USYS$TLS_PARAMS=verify_server=yes
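
A consistency check for the rule that verify_server must have the same (or equivalent) value on both sides, as an added example that is not part of the original documentation. The parsing rules (`;` comments, `%\` continuation, comma-separated options, case-insensitive option names) are assumptions inferred from the snippets on this page; the function names and the two sample files are constructed for illustration.

```python
import re

TRUE, FALSE = {"yes", "y", "1"}, {"no", "n", "0"}   # equivalent spellings from the syntax line

CLIENT = """;client.asn (constructed sample)
[NET_SETTINGS]
CheckServer=vfy_srv=1, ca_certificate=servercert.crt
[DRIVER_SETTINGS]
USYS$TLS_PARAMS=verify_server=yes
"""
SERVER = """;urouter.asn (constructed sample)
[NET_SETTINGS]
CheckServer=verify_server=yes, server_certificate=servercert.crt, %\\
            server_key=server.key
[DRIVER_SETTINGS]
USYS$TLS_PARAMS=verify_server=no
"""

def tls_profiles(asn_text):
    """Return {setting_name: {option: value}} for each assignment line (assumed syntax)."""
    joined = re.sub(r"%\\[ \t]*\r?\n", "", asn_text)   # join '%\' continuation lines
    profiles = {}
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")):    # skip comments and section headers
            continue
        name, _, value = line.partition("=")
        opts = {}
        for item in value.split(","):
            key, sep, val = item.strip().partition("=")
            if sep:
                opts[key.strip().lower()] = val.strip()
        profiles[name.strip()] = opts
    return profiles

def verify_server(opts):
    """Normalise verify_server / vfy_srv; an omitted option means no (the stated default)."""
    raw = opts.get("verify_server", opts.get("vfy_srv", "no")).lower()
    if raw not in TRUE | FALSE:
        raise ValueError(f"unrecognised verify_server value: {raw!r}")
    return raw in TRUE

def mismatched_profiles(client_asn, server_asn):
    """Names defined in both files whose verify_server values are not equivalent."""
    client, server = tls_profiles(client_asn), tls_profiles(server_asn)
    return sorted(n for n in client.keys() & server.keys()
                  if verify_server(client[n]) != verify_server(server[n]))

if __name__ == "__main__":
    print(mismatched_profiles(CLIENT, SERVER))
```

In the constructed samples, CheckServer passes because vfy_srv=1 and verify_server=yes are equivalent, while USYS$TLS_PARAMS is reported because the two files disagree.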
