Berkeley DB provides SSL support for the Replication Manager via
OpenSSL-library
to enable secure communication
among Replication Manager group members. For more information on OpenSSL, see
https://www.openssl.org/.
SSL support for replication manager is not built by default. If
you want to build it then you have to define HAVE_REPMGR_SSL_SUPPORT
in db_config.h
(in build_windows
folder)
and provide path to SSL libraries and headers for each project as specified below.
You must use OpenSSL-library
versions
greater than or equal to 1.0.1 that includes thread support (see
https://www.openssl.org/blog/blog/2017/02/21/threads/). Unless
this condition is met, the build will fail.
To build Berkeley DB with OpenSSL
support, follow
the steps below:
Note that the following steps assume that you have installed OpenSSL
in D:\OpenSSL-Win64
. You can, however, change the location if you want.
Also note that you would use Visual Studio (2010/2012/2013/2015) to perform the
steps mentioned below.
Set Additional Include Directories
.
Right-click db project and choose Properties->Configuration Properties-> c/c++->General-> Additional Include Directories.
Add the full pathnames for D:\OpenSSL-Win64\include
.
Click OK.
This directory contains the following header files: openssl\ssl.h
,
openssl\err.h
and openssl\opensslconf.h
.
Specify the library files and their corresponding directories.
Right-click db project and choose Properties->Configuration Properties->Linker-> General->Additional Library Directories.
Add the full pathnames for D:\OpenSSL-Win64\lib
.
Click OK.
This directory is needed to find the libeay32.lib
and ssleay32.lib
library files.
Specify which libraries are to be linked during the build.
Right-click db project and choose Properties->Configuration Properties-> Linker->Input->Additional Dependencies.
Add the ssleay32.lib
and libeay32.lib
library names to the existing list of dependencies.
Set the build type to Release
or Debug
in the drop-down on the tool bar.
Build Berkeley DB by right-clicking db
and select Build
.
This builds the Berkeley DB project with SSL support for the Replication Manager.
Note that you must follow the same instructions to build other projects
like db_tcl
or db_test
.
To build Berkeley DB without OpenSSL support, remove the definition for the
HAVE_REPMGR_SSL_SUPPORT
in
db_config.h
configuration files under the
build_windows
directory.
Once you have built Berkeley DB with SSL support for the Replication Manager,
you can disable the use of SSL for Replication Manager communication by
setting the flag DB_REPMGR_CONF_DISABLE_SSL
via
DB_ENV->REP_SET_CONFIG
API.