Uploaded image for project: 'Couchbase C client library libcouchbase'
  1. Couchbase C client library libcouchbase
  2. CCBC-892

Support having trust store and client key in different files

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.8.4
    • Fix Version/s: 2.8.5
    • Component/s: None
    • Labels:
      None

      Description

      While evaluating the use of certificate authentication in python I noticed that the underlying libcouchbase implentation uses the same parameter (certpath) for two different purposes:

      We pass it to SSL_CTX_load_verify_locations() to use as the trust store

      We also pass the same file to SSL_CTX_use_certificate_file to use as the client certificate

      Relevant code section:

      https://github.com/couchbase/libcouchbase/blob/0e6ccebf5a839bfa839d1cdccb11694d5626b62e/src/ssl/ssl_common.c#L284

       

      In our environment we have our trusted CA bundle in one centrally managed file and we have the client certificate and key in their own files. I would like to see support added natively to libcouchbase (and other language bindings such as the python sdk) to have the CA bundle file be independent of the client certificate file.

      This is very similar to JVMCBC-468

      Right now in order to successfully perform certificate authentication from my python app I must read the client cert off disk, read the CA bundle file off disk, concatenate them and write to a temp file, and then pass this temp file in my couchbase connection string, and then clean up the temp file. So I'd like to be able to avoid this type of hacky workaround.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              avsej Sergey Avseyev
              Reporter:
              bweir bweir
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Gerrit Reviews

                There are no open Gerrit changes

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.