Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-26921

[FTS] SSL for ipv6 doesn't work

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 5.5.0
    • 5.5.0
    • fts
    • Untriaged
    • Centos 64-bit
    • Unknown

    Description

      Build
      5.1.0-1431

      Testcase
      ./testrunner -i /tmp/testexec.22067.ini -t fts.stable_topology_fts.StableTopFTS.test_ssl,cluster=D+F,F,GROUP=P0

      [2017-11-20 12:36:29,639] - [stable_topology_fts:1672] INFO - Running command : curl -k -E cert.pem -XPUT -H "Content-Type: application/json" -u Administrator:password https://s10501-ip6.qe.couchbase.com:18094/api/index/default_idx -d '{"sourceName": "default", "type": "fulltext-index", "sourceType": "couchbase"}'
        % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                       Dload  Upload   Total   Spent    Left  Speed
       
        0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
        0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed connect to s10501-ip6.qe.couchbase.com:18094; Connection refused
      ERROR
      

      The above curl should be able to reproduce the problem. Please reach out to me for the logs otherwise. Thanks.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          I tried the above command^^ with IPv4 and then with an IPv6 address, and it seems to work for me:

          Command:

          curl -kv -key key.pem -cacert cert.pem -XPUT -H "Content-Type: application/json" -u Administrator:asdasd https://localhost.localdomain:19200/api/index/default_idx -d '{"sourceName": "default", "type": "fulltext-index", "sourceType": "couchbase"}'

          Result:

          * Rebuilt URL to: key.pem/
          * getaddrinfo(3) failed for key.pem:80
          * Couldn't resolve host 'key.pem'
          * Closing connection 0
          curl: (6) Couldn't resolve host 'key.pem'
          * Rebuilt URL to: cert.pem/
          * getaddrinfo(3) failed for cert.pem:80
          * Couldn't resolve host 'cert.pem'
          * Closing connection 1
          curl: (6) Couldn't resolve host 'cert.pem'
          * Trying ::1...
          * TCP_NODELAY set
          * Connected to localhost.localdomain (::1) port 19200 (#2)
          * ALPN, offering h2
          * ALPN, offering http/1.1
          * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
          * successfully set certificate verify locations:
          * CAfile: /usr/local/etc/openssl/cert.pem
          CApath: /usr/local/etc/openssl/certs
          * TLSv1.2 (OUT), TLS header, Certificate Status (22):
          * TLSv1.2 (OUT), TLS handshake, Client hello (1):
          * TLSv1.2 (IN), TLS handshake, Server hello (2):
          * TLSv1.2 (IN), TLS handshake, Certificate (11):
          * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
          * TLSv1.2 (IN), TLS handshake, Server finished (14):
          * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
          * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
          * TLSv1.2 (OUT), TLS handshake, Finished (20):
          * TLSv1.2 (IN), TLS change cipher, Client hello (1):
          * TLSv1.2 (IN), TLS handshake, Finished (20):
          * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA
          * ALPN, server accepted to use http/1.1
          * Server certificate:
          * subject: CN=127.0.0.1
          * start date: Jan 1 00:00:00 2013 GMT
          * expire date: Dec 31 23:59:59 2049 GMT
          * issuer: CN=Couchbase Server b0ae6eb4
          * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
          * Server auth using Basic with user 'Administrator'
          > PUT /api/index/default_idx HTTP/1.1
          > Host: localhost.localdomain:19200
          > Authorization: Basic QWRtaW5pc3RyYXRvcjphc2Rhc2Q=
          > User-Agent: curl/7.54.1
          > Accept: */*
          > Referer: y
          > Content-Type: application/json
          > Content-Length: 78
          >
          * upload completely sent off: 78 out of 78 bytes
          < HTTP/1.1 200 OK
          < Cache-Control: no-cache
          < Content-Type: application/json;version=2.0.0
          < Date: Thu, 07 Dec 2017 19:48:43 GMT
          < Content-Length: 16
          <
          {"status":"ok"}
          * Connection #2 to host localhost.localdomain left intact

          abhinav Abhinav Dangeti added a comment - I tried the above command^^ with IPv4 and then with an IPv6 address, and it seems to work for me: Command: curl -kv -key key.pem -cacert cert.pem -XPUT -H "Content-Type: application/json" -u Administrator:asdasd https: //localhost.localdomain:19200/api/index/default_idx -d '{"sourceName": "default", "type": "fulltext-index", "sourceType": "couchbase"}' Result: * Rebuilt URL to: key.pem/ * getaddrinfo( 3 ) failed for key.pem: 80 * Couldn 't resolve host ' key.pem' * Closing connection 0 curl: ( 6 ) Couldn 't resolve host ' key.pem' * Rebuilt URL to: cert.pem/ * getaddrinfo( 3 ) failed for cert.pem: 80 * Couldn 't resolve host ' cert.pem' * Closing connection 1 curl: ( 6 ) Couldn 't resolve host ' cert.pem' * Trying :: 1 ... * TCP_NODELAY set * Connected to localhost.localdomain (:: 1 ) port 19200 (# 2 ) * ALPN, offering h2 * ALPN, offering http/ 1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4: @STRENGTH * successfully set certificate verify locations: * CAfile: /usr/local/etc/openssl/cert.pem CApath: /usr/local/etc/openssl/certs * TLSv1. 2 (OUT), TLS header, Certificate Status ( 22 ): * TLSv1. 2 (OUT), TLS handshake, Client hello ( 1 ): * TLSv1. 2 (IN), TLS handshake, Server hello ( 2 ): * TLSv1. 2 (IN), TLS handshake, Certificate ( 11 ): * TLSv1. 2 (IN), TLS handshake, Server key exchange ( 12 ): * TLSv1. 2 (IN), TLS handshake, Server finished ( 14 ): * TLSv1. 2 (OUT), TLS handshake, Client key exchange ( 16 ): * TLSv1. 2 (OUT), TLS change cipher, Client hello ( 1 ): * TLSv1. 2 (OUT), TLS handshake, Finished ( 20 ): * TLSv1. 2 (IN), TLS change cipher, Client hello ( 1 ): * TLSv1. 2 (IN), TLS handshake, Finished ( 20 ): * SSL connection using TLSv1. 2 / ECDHE-RSA-AES256-SHA * ALPN, server accepted to use http/ 1.1 * Server certificate: * subject: CN= 127.0 . 0.1 * start date: Jan 1 00 : 00 : 00 2013 GMT * expire date: Dec 31 23 : 59 : 59 2049 GMT * issuer: CN=Couchbase Server b0ae6eb4 * SSL certificate verify result: self signed certificate in certificate chain ( 19 ), continuing anyway. * Server auth using Basic with user 'Administrator' > PUT /api/index/default_idx HTTP/ 1.1 > Host: localhost.localdomain: 19200 > Authorization: Basic QWRtaW5pc3RyYXRvcjphc2Rhc2Q= > User-Agent: curl/ 7.54 . 1 > Accept: */* > Referer: y > Content-Type: application/json > Content-Length: 78 > * upload completely sent off: 78 out of 78 bytes < HTTP/ 1.1 200 OK < Cache-Control: no-cache < Content-Type: application/json;version= 2.0 . 0 < Date: Thu, 07 Dec 2017 19 : 48 : 43 GMT < Content-Length: 16 < { "status" : "ok" } * Connection # 2 to host localhost.localdomain left intact

          Hi Abhinav, I see this fixed in build 5.1.0-1511.

          2017-12-12 11:58:02 | INFO | MainProcess | test_thread | [stable_topology_fts.test_ssl] Running command : curl -k -E cert.pem -XPUT -H "Content-Type: application/json" -u Administrator:password https://s10501-ip6.qe.couchbase.com:18094/api/index/default_idx -d '{"sourceName": "default", "type": "fulltext-index", "sourceType": "couchbase"}'
            % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                           Dload  Upload   Total   Spent    Left  Speed
          100    94  100    16  100    78    152    741 --:--:-- --:--:-- --:--:--   742
          2017-12-12 11:58:02 | INFO | MainProcess | test_thread | [fts_base.sleep] sleep for 20 secs. wait for indexing to complete ...
            % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                           Dload  Upload   Total   Spent    Left  Speed
          100  111k    0  111k  100    94  1251k   1053 --:--:-- --:--:-- --:--:-- 1254k
          2017-12-12 11:58:22 | INFO | MainProcess | test_thread | [stable_topology_fts.test_ssl] Hits: 1000
          

          Hence marking this as closed.

          apiravi Aruna Piravi (Inactive) added a comment - Hi Abhinav, I see this fixed in build 5.1.0-1511. 2017 - 12 - 12 11 : 58 : 02 | INFO | MainProcess | test_thread | [stable_topology_fts.test_ssl] Running command : curl -k -E cert.pem -XPUT -H "Content-Type: application/json" -u Administrator:password https: //s10501-ip6.qe.couchbase.com:18094/api/index/default_idx -d '{"sourceName": "default", "type": "fulltext-index", "sourceType": "couchbase"}' % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 94 100 16 100 78 152 741 --:--:-- --:--:-- --:--:-- 742 2017 - 12 - 12 11 : 58 : 02 | INFO | MainProcess | test_thread | [fts_base.sleep] sleep for 20 secs. wait for indexing to complete ... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 111k 0 111k 100 94 1251k 1053 --:--:-- --:--:-- --:--:-- 1254k 2017 - 12 - 12 11 : 58 : 22 | INFO | MainProcess | test_thread | [stable_topology_fts.test_ssl] Hits: 1000 Hence marking this as closed.

          People

            apiravi Aruna Piravi (Inactive)
            apiravi Aruna Piravi (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty