certPath param in sdk 3 vs sdk 2

The certpath seems to be quite different from the previous version. It seems that the certpath needs to be a directing containing pem files, and the pem files must have the name given in the cluster.bucket(...) call (which would normally be the bucketname, but it doesn't seem to matter, as long as the pem file with that name exists)
connecting-ssl.js 
// Require Couchbase Module
var couchbase = require('couchbase');
​
// Require Couchbase Module
var couchbase = require('couchbase');
​
/*

• Put Self-Signed Cluster Certificate from the cluster
• $ curl http://localhost:8091/pools/default/certificate -o /tmp/junk.pem
  */
  ​
  // Setup Cluster Connection Object - must include the bucket name
  // incorrect bucket name here will get you BUCKET_NOT_FOUND
  ​
  var connString = 'couchbases://127.0.0.1/travel-sample?certpath=/tmp';
  ​
  // Setup Cluster Connection Object
  ​
  const options = {username: 'Administrator', password: 'password'}
  ;
  var cluster = new couchbase.Cluster(connString,options);
  ​
  // Setup Bucket object to be reused within the code
  //
  // specify bucket again. Actually this does appear to be used for the
  // name of the bucket. It must be the name of the pem file withing
  // the certpath directory.
  // Mess that up and you will get a generic SSL ERROR
  //
  const bucket = cluster.bucket("junk.pem"); // specify bucket (again)
  const collection = bucket.defaultCollection();
  const docKey='airport_1254';
  ​
  try {
  res= collection.get(docKey, {timeout:10}

  ,
  (err,res)=>

  { if(res)console.log("================== res: "+JSON.stringify(res)); if(err)console.log("================== err: "+err); }

  ).catch((e)=>

  {done=true; console.log(e)}

  );
  }catch(e)

  { e.printStackTrace(); }

  console.log(" ***************** press control-c to exit ***************");
  var http = require('http');
  http.createServer(function (req, res) {
  res.writeHead(200,

  {'Content-Type': 'text/plain'}

  );
  res.write('Hello World!');
  res.end();
  }).listen(8080);
   
   
  ===================================================
   
  A similar issue exists for the connecting-cert-auth.js example.

This code from connection.js sheds some light on the issue.  Whatever is given as the bucketname in  cluster.bucket(<bucketname>) is appended on to the connStr - so it had better complete the last query param.

In this case, leaving the 'client.key' off of the keypath, and specifying a bucketname of "client.key" allows it to work.

couchbases://127.0.0.1/travel-sample?truststorepath=/Users/michaelreiche/git/docs-sdk-nodejs/modules/devguide/examples/nodejs/../etc/x509-cert/SSLCA/clientdir/trust.pem&certpath=/Users/michaelreiche/git/docs-sdk-nodejs/modules/devguide/examples/nodejs/../etc/x509-cert/SSLCA/clientdir/client.pem&keypath=/Users/michaelreiche/git/docs-sdk-nodejs/modules/devguide/examples/nodejs/../etc/x509-cert/SSLCA/clientdir//client.key

53     var connType = binding.LCB_TYPE_CLUSTER;
54     var connStr = opts.connStr;
55     if (opts.bucketName)

{ 56       connType = binding.LCB_TYPE_BUCKET; 57       connStr += '/' + opts.bucketName; 58     }

I suspect that code should put the bucketName at the beginning of the url-context (if it is not already there).

I don't know what the case is for not having a bucketname (i.e. connType = LCB_TYPE_CLUSTER)