TrustServerCertificate not working with MSOLEDB provider

Discussion of open issues, suggestions and bugs regarding SDAC (SQL Server Data Access Components) for Delphi, C++Builder, Lazarus (and FPC)
Post Reply
carlmon
Posts: 7
Joined: Thu 16 Oct 2008 09:49

TrustServerCertificate not working with MSOLEDB provider

Post by carlmon » Mon 29 Apr 2019 11:03

Hi,

When I enable encryption and explicitly trust the server's TLS certificate with the MSOLEDB.1 provider, I get the the following error:
SSL Provider: The certificate chain was issued by an authority that is not trusted.
This used to only happen when TrustServerCertificate is FALSE on previous providers. With MSOLEDB.1, the TrustServerCertificate setting does not seem to make a difference.

How can I make encryption work on the new provider without trusted certificates? We will typically use trusted certs in production, but not in other environments.

Thanks,
Carl

carlmon
Posts: 7
Joined: Thu 16 Oct 2008 09:49

Re: TrustServerCertificate not working with MSOLEDB provider

Post by carlmon » Thu 02 May 2019 09:38

I added the following code to OLEDBAccess.pas' SetConnectionProperties proc and it seems to work.

Code: Select all

if (GUIDToString(FProviderId) = GUIDToString(CLSID_MSOLEDBSQL)) and GetConnection.Options.TrustServerCertificate then
    AddPropBool(SSPROP_INIT_TRUST_SERVER_CERTIFICATE, GetConnection.Options.TrustServerCertificate);
It looks like SDAC also excludes MARS and ro/rw intents for the new msoledbsql provider. Will this be addressed?

Stellar
Devart Team
Posts: 319
Joined: Tue 03 Oct 2017 11:00

Re: TrustServerCertificate not working with MSOLEDB provider

Post by Stellar » Thu 02 May 2019 14:14

Thank you for the information. We have fixed the issue with setting the connection options for the MSOLEDB provider. The fix will be included in the next SDAC build.

Post Reply