PostgreSQLDatabase Workaround to Specify Path for SSL CARoot Cert

In Xojo 2013r3, it looks like the PostgreSQLDatabase class doesn’t have the “.SSLAuthority” property, like the MySQLCommunityServer class does. It would be nice to have this property available for the class, but in the mean time there’s an easy workaround to specify it via the .connect method:

// ----------------------------

// Supply the shell path for the CA Root Cert in the PostgreSQLDatabase.Connect method, like this:

Dim db As New PostgreSQLDatabase
dim mCARootPath as FolderItem

db.Host = “”
db.SSLMode = PostgreSQLDatabase.SSLVerifyCA
db.Port = 5432

db.DatabaseName = “dbnamehere”

db.UserName = “dbusernamehere”
db.Password = “supersecret”
mCARootPath = GetFolderItem("").Child(“SSL-Certs”).Child(“MyCARoot.crt”)

If ( db.Connect(“sslrootcert=” + mCARootPath.ShellPath ) ) Then

// Success!


// Failure!

End If

// ----------------------------

For those who also want this added, I filed a feature request for it here:


Why not use the SSLCertificate property ?

The SSLCertificate property is for the client’s public cert, right? I don’t want to create unique client private and public keys, I only need the clients to verify the validity of the DB host server.

Forgot to add:

I only need the clients to verify the validity of the DB host server, and of course use SSL so that none of the DB authentication or communication/transactions are in the clear on the wire.

AH ok
I’m not sure the SSLCertificate is what you’re looking for

Correct, it’s not the property that I need here, as the 'SSLCertificate ’ property is the client’s public cert and not the CA Root Cert which is required to validate the server’s supplied, signed by the CA Root cert. Standard SSL stuff. :wink:

Ie, I need to set the certificate authority cert on the client side so that it can verify the server’s public cert is signed by the CA and therefore valid and enables the SSL connection to complete.

Again, there’s a workaround for this as doc’d above in the DB.Connect method, but I’d rather see it available in the PostgreSQLDatabase class property list.