Building Secure Sockets Layer (SSL) Support for the Replication Manager

Berkeley DB provides SSL support for the Replication Manager via OpenSSL-library to enable secure communication among Replication Manager group members. For more information on OpenSSL, see https://www.openssl.org/.

SSL support for replication manager is not built by default. If you want to build it then you have to define HAVE_REPMGR_SSL_SUPPORT in db_config.h (in build_windows folder) and provide path to SSL libraries and headers for each project as specified below.

Note

You must use OpenSSL-library versions greater than or equal to 1.0.1 that includes thread support (see https://www.openssl.org/blog/blog/2017/02/21/threads/). Unless this condition is met, the build will fail.

To build Berkeley DB with OpenSSL support, follow the steps below:

Note that the following steps assume that you have installed OpenSSL in D:\OpenSSL-Win64. You can, however, change the location if you want. Also note that you would use Visual Studio (2010/2012/2013/2015) to perform the steps mentioned below.

  1. Set Additional Include Directories.

    1. Right-click db project and choose Properties->Configuration Properties-> c/c++->General-> Additional Include Directories.

    2. Add the full pathnames for D:\OpenSSL-Win64\include.

    3. Click OK.

    This directory contains the following header files: openssl\ssl.h, openssl\err.h and openssl\opensslconf.h.

  2. Specify the library files and their corresponding directories.

    1. Right-click db project and choose Properties->Configuration Properties->Linker-> General->Additional Library Directories.

    2. Add the full pathnames for D:\OpenSSL-Win64\lib.

    3. Click OK.

    This directory is needed to find the libeay32.lib and ssleay32.lib library files.

  3. Specify which libraries are to be linked during the build.

    1. Right-click db project and choose Properties->Configuration Properties-> Linker->Input->Additional Dependencies.

    2. Add the ssleay32.lib and libeay32.lib library names to the existing list of dependencies.

  4. Set the build type to Release or Debug in the drop-down on the tool bar.

  5. Build Berkeley DB by right-clicking db and select Build. This builds the Berkeley DB project with SSL support for the Replication Manager.

Note that you must follow the same instructions to build other projects like db_tcl or db_test.

Note

  • To build Berkeley DB without OpenSSL support, remove the definition for the HAVE_REPMGR_SSL_SUPPORT in db_config.h configuration files under the build_windows directory.

  • Once you have built Berkeley DB with SSL support for the Replication Manager, you can disable the use of SSL for Replication Manager communication by setting the flag DB_REPMGR_CONF_DISABLE_SSL via DB_ENV->REP_SET_CONFIG API.