Using OpenSSL/Encrypted Connections

[metaskills]

For Zbigniew Szmigiero who asked in email...

Tiny_tds is very valuable gem but I am still do not understanding lack of SSL configuration in Client object The documentation and some answers on GitHub mention that freetsd.conf file is evaluated but I have no idea when it should be located in case on Windows with pre-compiled static binaries.

Could you point where should I put this file? My suggestion is to provide SSL configuration on tiny_tds level it allows to control connection from security perspective and manage connection more suitable directly from ruby code.

[metaskills]

A few points about this in no particular order:

• TinyTDS is built on top of FreeTDS
• We use the DB-Library interface.
• Technically there is no DB-Library config to force SSL.
• FreeTDS does support a conf setting to use encrypted.
• SSL connection work just fine when the server says it has to. This is how Azure work.
• I've never been able find how to make SQL Server force per user vs whole server secure connection. But I have never looked that hard.

Reference Links

• [freetds] Using SSL With DBLIB/TinyTDS
• About the FreeTDS conf file
• Encrypting Connections to SQL Server
• Where we configure Windows binaries to look for FreeTDS conf dir - C:\Sites
• FreeTDS env vars. Use FREETDS to customize different conf file location

[zbychfish]

I found solution after a while.
The precompiled freetds on Windows points c:Static directory where freetds.conf file should be located.
So Static directory has to be located in the directory where ruby code is executed.
I also noticed that FREETDS and TDSDUMP variables are ignored.
The possibility to setup SSL behavior (with certificate location) will be very useful and simplify Tiny_TDS configuration without necessity to manage it by config files.

[metaskills]

Can you make some explicit recommendations that we could change?