Major Description
The CertificateAuthenticator struct was renamed to CertAuthenticator in GOCBC-304 and looks like it was intended to be backwards compatible, however upon attempting to open a bucket using the deprecated struct, an unexpected error is thrown.
This is seen on the latest commits of gocb/v1 and gocbcore/v7
Here's a standalone unit test to demonstrate the issue:
func TestCertificateAuthenticator(t *testing.T) {
|
SetLogger(VerboseStdioLogger())
|
|
|
cluster, err := Connect("couchbases://10.112.191.101?certpath=.%2Ftestdata%2Fexample-cert.pem&keypath=.%2Ftestdata%2Fexample-key.pem")
|
if err != nil {
|
t.Fatal(err)
|
}
|
|
|
authenticators := []Authenticator{
|
CertAuthenticator{},
|
CertificateAuthenticator{},
|
}
|
|
|
for _, authenticator := range authenticators {
|
t.Run(fmt.Sprintf("%T", authenticator), func(tt *testing.T) {
|
|
|
if err := cluster.Authenticate(authenticator); err != nil {
|
tt.Fatal(err)
|
}
|
|
|
_, err := cluster.OpenBucket("default", "")
|
|
|
// Because I'm only using example certs - I expect a no access failure here from CBS rejecting them
|
if err != nil && err.Error() == "no access" {
|
tt.Logf("Got expected: %v", err)
|
return
|
}
|
|
|
if err != nil {
|
tt.Fatalf("Got unexpected error: %v", err)
|
}
|
|
|
tt.Fatalf("Expecting an error but was actually successful")
|
})
|
}
|
}
|
I'm using the example certs from Go's crypto/tls package (links below), so I don't expect a successful auth - but I at least expect Couchbase Server to reject them upon opening the bucket.
https://golang.org/src/crypto/tls/testdata/example-cert.pem
https://golang.org/src/crypto/tls/testdata/example-key.pem
Attachments
Issue Links
- causes
-
CBG-502 x.509 broken due to deprecated CertificateAuthenticator
-
- Closed
-