Need a way to pass the HostNameInCertificate parameter for strict encryption connections

[shueybubbles]

For legacy mode we have a few options:

1. Add a new flag for HNIC.
2. Make HNIC an optional parameter to -C, such that -C X means "trust the cert only if its subject is X"
3. Expand the optional arguments to -N so that each encryption type can have parameters of its own.
   Something like this:
   -N strict:HNIC=myhost.com

Option 1 is a pain because we are running out of flags. Option 2 solves for this specific problem.

Option 3 is intriguing because it opens the door for supporting more encryption parameters in the future without needing to add new flags. It also simplifies detection of invalid flag combinations.

@dlevy-msft

@stuartpa how does the modern mode allow the user to set encryption values for connections to non-container instances?

[apoorvdeshmukh]

Option 3 looks good. due to the flexibility it offers to add future parameters. I guess we could extend it to other flags as well if needed.

[stuartpa]

@stuartpa how does the modern mode allow the user to set encryption values for connections to non-container instances?

It doesn't today. Users seem to be using the sqlconfig file for connections to containers on the local machine at the moment

[shueybubbles]

sigh. odbc sqlcmd went with a switch we already use for something else.

In sqlcmd (ODBC), use -F to specify the host name in the certificate. For example:

Console

Copy
sqlcmd -S server01 -Q "SELECT TOP 100 * FROM WideWorldImporters.Sales.Orders" -A -Ns -F server01.adventure-works.com
 Note

This is different to the -F switch for sqlcmd (Go), which is used to print results using a vertical format.