Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[docs] add C and C++ SSL quickstarts #10771

Closed
wants to merge 3 commits into from
Closed

[docs] add C and C++ SSL quickstarts #10771

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c6f43a0
[docs] add C SSL quickstart
Dec 3, 2021
40b3556
update the build command
Dec 3, 2021
e5a31bd
C build updates
Dec 4, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
163 changes: 159 additions & 4 deletions docs/content/latest/quick-start/build-apps/c/ysql.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,12 @@ showAsideToc: true

</ul>

{{< tip title="Yugabyte Cloud requires SSL" >}}

Are you using Yugabyte Cloud? Install the [prerequisites](#prerequisites), then go to the [Use C with SSL](#use-c-with-ssl) section.

{{</ tip >}}

## Prerequisites

The tutorial assumes that you have:
Expand All @@ -37,15 +43,15 @@ The tutorial assumes that you have:

## Install the libpq C driver

The `libpq` C driver is included in the YugabyteDB installation. You can use it by setting the `LD_LIBRARY_PATH` as follows :
The `libpq` C driver is included in the YugabyteDB installation. You can use it by setting the `LD_LIBRARY_PATH` as follows:

```sh
$ export LD_LIBRARY_PATH=<yugabyte-install-dir>/postgres/lib
```

Alternatively, you can download the PostgreSQL binaries or build the driver from source as documented [here](https://www.postgresql.org/download/).

## Create the sample C application
## Create a sample C application

### Sample C code

Expand Down Expand Up @@ -158,5 +164,154 @@ You should see the following output:
```output
Created table employee
Inserted data (1, 'John', 35, 'C')
Query returned: John 35 C
Query returned: John 35 C
```

## Use C with SSL

The client driver supports several SSL modes, as follows:

| SSL mode | Client driver behavior |
| :------- | :--------------------- |
| disable | Supported |
| allow | Supported |
| prefer | Supported (default) |
| require | Supported |
| verify-ca | Supported |
| verify-full | Supported |

{{< note title="SSL mode support" >}}

The default SSL mode for libpq is `prefer`. In the `require` SSL mode, the root CA certificate is not required to be configured.

To enable `verify-ca` and `verify-full`, you configure the path to the CA in the connection string using the `sslrootcert` parameter. The default path is `~/.postgresql/root.crt`. If the root certificate is in a different file, specify it in the sslrootcert parameter. For example:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I got error "Connection to database failed: root certificate file "/Users/myuser/.yugabytedb/root.crt" does not exist" which implies .postgresql is not the default directory


```c
conninfo = "host=331be4e2-fe24-3d2f-84f0-6d0d49ed422b.cloudportal.yugabyte.com port=5433 dbname=yugabyte user=<username> password=<password> sslmode=verify-full sslrootcert=/Users/yugabyte/Downloads/root.crt"
```

**Always use verify-full mode if you're using a public CA**. The difference between `verify-ca` and `verify-full` depends on the policy of the root CA. If a you're using a public CA, verify-ca allows connections to a server that somebody else may have registered with the CA. If you're using a local CA, or even a self-signed certificate, using verify-ca often provides enough protection, but using verify-full is always the best security practice.

{{< /note >}}

### Create a sample C application with SSL

Create a file `ybsql_hello_world_ssl.c` and copy the contents below, replacing the hostname, username, and password with the appropriate values:

```c
#include <stdio.h>
#include <stdlib.h>
#include "libpq-fe.h"

int main(int argc, char **argv)
{
const char *conninfo;
PGconn *conn;
PGresult *res;
int nFields;
int i, j;

/* connection string */
/* replace hostname, username, and password */
conninfo = "host=hostname port=5433 dbname=yugabyte user=username password=password sslmode=verify-full";

/* Make a connection to the database */
conn = PQconnectdb(conninfo);

/* Check to see that the backend connection was successfully made */
if (PQstatus(conn) != CONNECTION_OK)
{
fprintf(stderr, "Connection to database failed: %s",
PQerrorMessage(conn));
PQfinish(conn);
exit(1);
}

/* Create table */
res = PQexec(conn, "CREATE TABLE employee (id int PRIMARY KEY, \
name varchar, age int, \
language varchar)");

if (PQresultStatus(res) != PGRES_COMMAND_OK)
{
fprintf(stderr, "CREATE TABLE failed: %s", PQerrorMessage(conn));
PQclear(res);
PQfinish(conn);
exit(1);
}
PQclear(res);
printf("Created table employee\n");

/* Insert a row */
res = PQexec(conn, "INSERT INTO employee (id, name, age, language) \
VALUES (1, 'John', 35, 'C')");

if (PQresultStatus(res) != PGRES_COMMAND_OK)
{
fprintf(stderr, "INSERT failed: %s", PQerrorMessage(conn));
PQclear(res);
PQfinish(conn);
exit(1);
}
PQclear(res);
printf("Inserted data (1, 'John', 35, 'C')\n");

/* Query the row */
res = PQexec(conn, "SELECT name, age, language FROM employee WHERE id = 1");
if (PQresultStatus(res) != PGRES_TUPLES_OK)
{
fprintf(stderr, "SELECT failed: %s", PQerrorMessage(conn));
PQclear(res);
PQfinish(conn);
exit(1);
}

/* print out the rows */
nFields = PQnfields(res);
for (i = 0; i < PQntuples(res); i++)
{
printf("Query returned: ");
for (j = 0; j < nFields; j++)
printf("%s ", PQgetvalue(res, i, j));
printf("\n");
}
PQclear(res);

/* close the connection to the database and cleanup */
PQfinish(conn);

return 0;
}
```

### Run the C SSL application

1. Set up your environment, replacing `<yb-install-path>` with the full path to your YugabyteDB installation:

```sh
$ export LD_LIBRARY_PATH=<yb-install-path>/postgres/include/
$ export DYLD_LIBRARY_PATH=<yb-install-path>/postgres/lib/
```

1. You can compile the file using `gcc` or `clang`. To compile the application with `clang`, run the following command:

```sh
$ clang yb_hello_world_ssl.c \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

$ clang ybsql_hello_world_ssl.c

-lpq \
-I path/to/yugabytedb/postgres/include -L path/to/yugabytedb/postgres/postgres/lib \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

path/to/yugabytedb/postgres/lib

-o ybsql_hello_world_ssl
```

1. Run with:

```sh
$ ./ybsql_hello_world
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

$ ./ybsql_hello_world_ssl

```

You should see the following output:

```output
Created table employee
Inserted data (1, 'John', 35, 'C')
Query returned: John 35 C
```