Couchbase Server / MB-27595

configure tlsconfig correctly for query service for http/2


Details

    • Improvement
    • Resolution: Fixed
    • Critical
    • 7.0.0
    • 5.1.0
    • query
    • None
    • Enterprise Edition 5.1.0 build 5536

    Description

      Configure x509 on CB Server. 

      Execute a query using curl on SSL port 18093:

       

      Ritam-MacBook:testrunner rsharma$ curl -v --cacert /tmp/newcerts91/root.crt -u Administrator:password https://10.142.170.101:18093/query/service -d statement='create index idx1 on default(name)'
      *   Trying 10.142.170.101...
      * TCP_NODELAY set
      * Connected to 10.142.170.101 (10.142.170.101) port 18093 (#0)
      * ALPN, offering h2
      * ALPN, offering http/1.1
      * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
      * successfully set certificate verify locations:
      *   CAfile: /tmp/newcerts91/root.crt
        CApath: none
      * TLSv1.2 (OUT), TLS handshake, Client hello (1):
      * TLSv1.2 (IN), TLS handshake, Server hello (2):
      * TLSv1.2 (IN), TLS handshake, Certificate (11):
      * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
      * TLSv1.2 (IN), TLS handshake, Server finished (14):
      * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
      * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
      * TLSv1.2 (OUT), TLS handshake, Finished (20):
      * TLSv1.2 (IN), TLS change cipher, Client hello (1):
      * TLSv1.2 (IN), TLS handshake, Finished (20):
      * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA
      * ALPN, server accepted to use h2
      * Server certificate:
      *  subject: C=UA; O=My Company; CN=10.142.170.101
      *  start date: Jan 16 05:16:46 2018 GMT
      *  expire date: Nov 12 05:16:46 2018 GMT
      *  common name: 10.142.170.101 (matched)
      *  issuer: C=UA; O=My Company; CN=My Company Intermediate CA
      *  SSL certificate verify ok.
      * Using HTTP2, server supports multi-use
      * Connection state changed (HTTP/2 confirmed)
      * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
      * Server auth using Basic with user 'Administrator'
      * Using Stream ID: 1 (easy handle 0x7f84e7800400)
      > POST /query/service HTTP/2
      > Host: 10.142.170.101:18093
      > Authorization: Basic QWRtaW5pc3RyYXRvcjpwYXNzd29yZA==
      > User-Agent: curl/7.54.0
      > Accept: */*
      > Content-Length: 44
      > Content-Type: application/x-www-form-urlencoded
      * http2 error: Remote peer returned unexpected data while we expected SETTINGS frame.  Perhaps, peer does not support HTTP/2 properly.
      * SSL_write() returned SYSCALL, errno = 32
      * Failed sending HTTP2 data
      * TLSv1.2 (IN), TLS alert, Client hello (1):
      * Unexpected EOF
      * Closing connection 0
      curl: (56) SSL_write() returned SYSCALL, errno = 32
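
The trace above shows ALPN selecting h2 and curl then rejecting the first bytes from the server because they were not an HTTP/2 SETTINGS frame. The Python check below is an added example, not code from this issue or from Couchbase: it classifies the first application bytes received on such a connection. The function names and the sample byte strings are constructed for illustration, and the HTTP/1.1 reply is an assumed shape for what an HTTP/1.x-only listener might send.

```python
# Added example: sample byte strings are constructed, not captured from the server.
SETTINGS_TYPE = 0x4   # HTTP/2 SETTINGS frame type (RFC 7540, section 6.5)
FLAG_ACK = 0x1

EMPTY_SETTINGS = bytes.fromhex("000000040000000000")
# One parameter: id 0x3 (SETTINGS_MAX_CONCURRENT_STREAMS) = 100
SETTINGS_ONE = bytes.fromhex("000006040000000000" "000300000064")
SETTINGS_ACK = bytes.fromhex("000000040100000000")
# Assumed shape of a reply from a listener that only speaks HTTP/1.x
HTTP1_REPLY = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n"


def parse_server_preface(data: bytes):
    """Classify the first application bytes received after ALPN selected h2.

    Returns (verdict, settings) where settings maps parameter id -> value.
    """
    if data.startswith(b"HTTP/1."):
        return ("http1-response", {})
    if len(data) < 9:                      # an HTTP/2 frame header is 9 bytes
        return ("short-read", {})
    length = int.from_bytes(data[0:3], "big")
    frame_type, flags = data[3], data[4]
    stream_id = int.from_bytes(data[5:9], "big") & 0x7FFFFFFF  # drop reserved bit
    if frame_type != SETTINGS_TYPE:
        return ("not-settings", {})
    if flags & FLAG_ACK:                   # acknowledges client SETTINGS; not a preface
        return ("settings-ack", {})
    if stream_id != 0 or length % 6 != 0:  # connection-level frame, 6 bytes per entry
        return ("malformed-settings", {})
    payload = data[9:9 + length]
    if len(payload) < length:
        return ("short-read", {})
    settings = {
        int.from_bytes(payload[i:i + 2], "big"): int.from_bytes(payload[i + 2:i + 6], "big")
        for i in range(0, length, 6)
    }
    return ("settings", settings)


def alpn_promise_broken(negotiated: str, first_bytes: bytes) -> bool:
    """True when TLS agreed on h2 but the bytes that follow are not an HTTP/2 preface."""
    verdict, _ = parse_server_preface(first_bytes)
    return negotiated == "h2" and verdict != "settings"
```
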

            People

              ritam.sharma Ritam Sharma