odbc: Add support for ODBC connection attribute ServerCertificate

Signed-off-by: Peter Deacon <peterd@iea-software.com>

Author: Peter Deacon

doc/userguide.xml

@@ -618,7 +618,7 @@ Once project files are created you can open them with your environment.</para>
 
 <para>You can  download FreeTDS binaries for Windows from AppVeyor (the hosted CI platform used).</para>
 
-<para>There is a .zip file available as artifact of every sucessful build.
+<para>There is a .zip file available as artifact of every successful build.
 
 The list of builds is at
 <ulink url="https://ci.appveyor.com/project/FreeTDS/freetds/history">https://ci.appveyor.com/project/FreeTDS/freetds/history</ulink>.
@@ -1254,7 +1254,7 @@ This is the name of the database container in the server you are connecting to.<
 							<entry>File that holds root certificates (in PEM format) to verify server certificate, used during an encrypted connection.
 If not specify or empty any certificate will be accepted from server.
 If you specify <literal>system</literal> &freetds; will use system wide certificate list.
-If a certiticate is not installed server can generate a self signed certificate, in this case is useful to disable certificate validation (which is the default).
+If a certificate is not installed server can generate a self signed certificate, in this case is useful to disable certificate validation (which is the default).
 Note that is not possible to specify a directory as usually database servers does not use a certificate signed by a public global certification authority.
 </entry>
 							</row>
@@ -2044,6 +2044,17 @@ The ODBC tests all build their own <filename>odbc.ini</filename> and try to redi
 							<entry>Specify encryption.
 							Similar to encryption on &freetdsconf; but Microsoft compatible.</entry>
 							</row>
+						<row>
+							<entry><literal>ServerCertificate</literal></entry>
+							<entry>Any</entry>
+							<entry>none</entry>
+							<entry>File that holds root certificates (in PEM format) to verify server certificate, used during an encrypted connection.
+If not specify or empty any certificate will be accepted from server.
+If you specify <literal>system</literal> &freetds; will use system wide certificate list.
+If a certificate is not installed server can generate a self signed certificate, in this case is useful to disable certificate validation (which is the default).
+Note that is not possible to specify a directory as usually database servers does not use a certificate signed by a public global certification authority.
+							Microsoft compatible.</entry>
+							</row>
 						<row>
 							<entry><literal>HostNameInCertificate</literal></entry>
 							<entry>Server name</entry>

include/freetds/odbc.h

@@ -528,7 +528,8 @@ bool get_login_info(HWND hwndParent, TDSLOGIN * login);
 	ODBC_PARAM(ApplicationIntent) \
 	ODBC_PARAM(Timeout) \
 	ODBC_PARAM(Encrypt) \
-	ODBC_PARAM(HostNameInCertificate)
+	ODBC_PARAM(HostNameInCertificate) \
+	ODBC_PARAM(ServerCertificate)
 
 #define ODBC_PARAM(p) ODBC_PARAM_##p,
 enum {

src/odbc/connectparams.c

@@ -260,6 +260,9 @@ odbc_get_dsn_info(TDS_ERRS *errs, const char *DSN, TDSLOGIN * login)
 	if (myGetPrivateProfileString(DSN, odbc_param_Encrypt, tmp) > 0)
 		tds_parse_conf_section(TDS_STR_ENCRYPTION, odbc_encrypt2encryption(tmp), login);
 
+	if (myGetPrivateProfileString(DSN, odbc_param_ServerCertificate, tmp) > 0)
+		tds_parse_conf_section(TDS_STR_CAFILE, tmp, login);
+
 	if (myGetPrivateProfileString(DSN, odbc_param_UseNTLMv2, tmp) > 0)
 		tds_parse_conf_section(TDS_STR_USENTLMV2, tmp, login);
 
@@ -482,6 +485,8 @@ odbc_parse_connect_string(TDS_ERRS *errs, const char *connect_string, const char
 			tds_parse_conf_section(TDS_STR_ENCRYPTION, tds_dstr_cstr(&value), login);
 		} else if (CHK_PARAM(Encrypt)) {
 			tds_parse_conf_section(TDS_STR_ENCRYPTION, odbc_encrypt2encryption(tds_dstr_cstr(&value)), login);
+		} else if (CHK_PARAM(ServerCertificate)) {
+			tds_parse_conf_section(TDS_STR_CAFILE, tds_dstr_cstr(&value), login);
 		} else if (CHK_PARAM(UseNTLMv2)) {
 			tds_parse_conf_section(TDS_STR_USENTLMV2, tds_dstr_cstr(&value), login);
 		} else if (CHK_PARAM(REALM)) {