  1. Couchbase Go SDK
  2. GOCBC-592

CertificateAuthenticator is not backwards compatible

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.2
    • Fix Version/s: 1.6.3
    • Component/s: library
    • Labels:
      None

      Description

      The CertificateAuthenticator struct was renamed to CertAuthenticator in GOCBC-304 and looks like it was intended to be backwards compatible; however, upon attempting to open a bucket using the deprecated struct, an unexpected error is thrown.

       

      This is seen on the latest commits of gocb/v1 and gocbcore/v7

       

      Here's a standalone unit test to demonstrate the issue:

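      // Placed in package gocb (gocb/v1) next to the SDK sources, so SDK identifiers are unqualified.
      package gocb

      import (
      	"fmt"
      	"testing"
      )

      func TestCertificateAuthenticator(t *testing.T) {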
      	SetLogger(VerboseStdioLogger())
       
      	cluster, err := Connect("couchbases://10.112.191.101?certpath=.%2Ftestdata%2Fexample-cert.pem&keypath=.%2Ftestdata%2Fexample-key.pem")
      	if err != nil {
      		t.Fatal(err)
      	}
       
      	authenticators := []Authenticator{
      		CertAuthenticator{},
      		CertificateAuthenticator{},
      	}
       
      	for _, authenticator := range authenticators {
      		t.Run(fmt.Sprintf("%T", authenticator), func(tt *testing.T) {
       
      			if err := cluster.Authenticate(authenticator); err != nil {
      				tt.Fatal(err)
      			}
       
      			_, err := cluster.OpenBucket("default", "")
       
      			// Because I'm only using example certs - I expect a no access failure here from CBS rejecting them
      			if err != nil && err.Error() == "no access" {
      				tt.Logf("Got expected: %v", err)
      				return
      			}
       
      			if err != nil {
      				tt.Fatalf("Got unexpected error: %v", err)
      			}
       
      			tt.Fatalf("Expecting an error but was actually successful")
      		})
      	}
      }
      

       

      I'm using the example certs from Go's crypto/tls package (links below), so I don't expect a successful auth - but I at least expect Couchbase Server to reject them upon opening the bucket.

      https://golang.org/src/crypto/tls/testdata/example-cert.pem
      https://golang.org/src/crypto/tls/testdata/example-key.pem

            Activity

            charles.dixon Charles Dixon added a comment -

            As per conversation on http://review.couchbase.org/c/114511/ we won't fix this. Feel free to reopen if you disagree.

            adamf Adam Fraser added a comment -

            As proposed on the review - can we remove CertificateAuthenticator altogether? Catching this at compile time would have been far preferable to proceeding with the non-working version.

            charles.dixon Charles Dixon added a comment -

            I think that in order to do that we would have to release a new major to avoid breaking semver and so can't do it in v1?

            adamf Adam Fraser added a comment -

            I'm not sure that leaving the API in place but broken really preserves semantic versioning, but given that Sync Gateway has switched on our side, I'll leave it as your decision.

            build-team Couchbase Build Team added a comment -

            Build sync_gateway-2.7.0-58 contains gocb commit 0e60461 with commit message:
            GOCBC-592: Fix CertificateAuthenticator compatibility


              People

              • Assignee:
                charles.dixon Charles Dixon
                Reporter:
                ben.brooks Ben Brooks