Need a way to pass the HostNameInCertificate parameter for strict encryption connections

[shueybubbles]

For legacy mode we have a few options:

1. Add a new flag for HNIC.
2. Make HNIC an optional parameter to -C, such that -C X means "trust the cert only if its subject is X"
3. Expand the optional arguments to -N so that each encryption type can have parameters of its own. Something like this: -N strict:HNIC=myhost.com

Option 1 is a pain because we are running out of flags. Option 2 solves for this specific problem.

Option 3 is intriguing because it opens the door for supporting more encryption parameters in the future without needing to add new flags. It also simplifies detection of invalid flag combinations.

@dlevy-msft

@stuartpa how does the modern mode allow the user to set encryption values for connections to non-container instances?

[apoorvdeshmukh]

Option 3 looks good. due to the flexibility it offers to add future parameters. I guess we could extend it to other flags as well if needed.

[stuartpa]

@stuartpa how does the modern mode allow the user to set encryption values for connections to non-container instances?

It doesn't today. Users seem to be using the sqlconfig file for connections to containers on the local machine at the moment