Skip to content

Commit

Permalink
v1.8.30
Browse files Browse the repository at this point in the history
  • Loading branch information
@stfnmllr
stfnmllr committed May 14, 2024
1 parent 83c056b commit 4a14c14
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 15 deletions.
20 changes: 6 additions & 14 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,30 +25,22 @@ API documentation and documented examples can be found at <https://pkg.go.dev/gi
## HANA cloud connection

HANA cloud connection proxy is using SNI which does require a TLS connection.
To connect successfully you would need a valid root certificate in pem format (please see
[SAP Help](https://help.sap.com/viewer/cc53ad464a57404b8d453bbadbc81ceb/Cloud/en-US/5bd9bcec690346a8b36df9161b1343c2.html)).

The certificate (DigiCertGlobalRootCA.crt.pem) can be downloaded in 'pem-format' from
[digicert](https://www.digicert.com/kb/digicert-root-certificates.htm).
As default one can rely on the root certificate set provided by the host, which already comes with the nessecary
DigiCert certificates (CA, G5).
For more information on [Go](https://go.dev/) tls certificate handling, please see https://pkg.go.dev/crypto/tls#Config.

Assuming the HANA cloud 'endpoint' is "something.hanacloud.ondemand.com:443". Then the dsn should look as follows:

```
"hdb://<USER>:<PASSWORD>@something.hanacloud.ondemand.com:443?TLSServerName=something.hanacloud.ondemand.com&TLSRootCAFile=<PATH TO CERTIFICATE>/DigiCertGlobalRootCA.crt.pem"
```

or

```
"hdb://<USER>:<PASSWORD>@something.hanacloud.ondemand.com:443?TLSServerName=something.hanacloud.ondemand.com"
```

with:
- TLSServerName same as 'host'
- TLSRootCAFile needs to point to the location in your filesystem where the file DigiCertGlobalRootCA.crt.pem is stored

When omitting the TLSRootCAFile, TLS uses the host's root CA set (for more information please see
[Config RootCAs](https://pkg.go.dev/crypto/tls#Config).
## Specific root certificate
In case a specific root certificate (e.g. self-signed) would be needed, the TLSRootCAFile DSN parameter needs to
point to the location in the filesystem where a root certificate file in 'pem-format' is stored.

## Tests

Expand Down
3 changes: 3 additions & 0 deletions RELEASENOTES.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ Release Notes

### Minor revisions

#### v1.8.30
- updated README root certificate sections

#### v1.8.29
- updated dependencies

Expand Down
2 changes: 1 addition & 1 deletion driver/driver.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (
)

// DriverVersion is the version number of the hdb driver.
const DriverVersion = "1.8.29"
const DriverVersion = "1.8.30"

// DriverName is the driver name to use with sql.Open for hdb databases.
const DriverName = "hdb"
Expand Down

0 comments on commit 4a14c14

Please sign in to comment.