Uploaded image for project: 'Couchbase C client library libcouchbase'
  1. Couchbase C client library libcouchbase
  2. CCBC-892

Support having trust store and client key in different files



    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.8.4
    • 2.8.5
    • None
    • None
    • 1


      While evaluating the use of certificate authentication in python I noticed that the underlying libcouchbase implentation uses the same parameter (certpath) for two different purposes:

      We pass it to SSL_CTX_load_verify_locations() to use as the trust store

      We also pass the same file to SSL_CTX_use_certificate_file to use as the client certificate

      Relevant code section:



      In our environment we have our trusted CA bundle in one centrally managed file and we have the client certificate and key in their own files. I would like to see support added natively to libcouchbase (and other language bindings such as the python sdk) to have the CA bundle file be independent of the client certificate file.

      This is very similar to JVMCBC-468

      Right now in order to successfully perform certificate authentication from my python app I must read the client cert off disk, read the CA bundle file off disk, concatenate them and write to a temp file, and then pass this temp file in my couchbase connection string, and then clean up the temp file. So I'd like to be able to avoid this type of hacky workaround.


        No reviews matched the request. Check your Options in the drop-down menu of this sections header.


          There are no comments yet on this issue.


            avsej Sergey Avseyev
            bweir bweir
            0 Vote for this issue
            3 Start watching this issue



              Gerrit Reviews

                There are no open Gerrit changes