Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 5.5.0
Affects Version/s: 5.5.0
Component/s: cbauth, ns_server
Labels:
- Beta

Triage:
Untriaged
Is this a Regression?:
No

Description

Build
5.5.0-2126

Please note that neither of the following work in client-cert mandatory mode.

$ curl -v --cacert /tmp/newcerts77/root.crt --cert-type PEM --cert /tmp/newcerts77/172.23.108.222.pem --key-type PEM --key /tmp/newcerts77/172.23.108.222.key -d name=C2 -d hostname=172.23.106.176:8091 -d username=Administrator -d password=password -d demandEncryption=1 --data-urlencode "certificate=$(cat cert.pem)" -X POST https://172.23.106.139:18091/pools/default/remoteClusters

* About to connect() to 172.23.106.139 port 18091 (#0)

*   Trying 172.23.106.139...

* Connected to 172.23.106.139 (172.23.106.139) port 18091 (#0)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

*   CAfile: /tmp/newcerts77/root.crt

  CApath: none

* NSS: client certificate from file

* 	subject: CN=www.cb-cbadminbucket.com,O=My Company,L=Mountain View,ST=California,C=UA

* 	start date: Mar 14 05:12:48 2018 GMT

* 	expire date: Mar 14 05:12:48 2019 GMT

* 	common name: www.cb-cbadminbucket.com

* 	issuer: CN=My Company Intermediate CA,O=My Company,C=UA

* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA

* Server certificate:

* 	subject: CN=www.cb-cbadminbucket.com,O=My Company,L=Mountain View,ST=California,C=UA

* 	start date: Mar 14 05:12:48 2018 GMT

* 	expire date: Jan 08 05:12:48 2019 GMT

* 	common name: www.cb-cbadminbucket.com

* 	issuer: CN=My Company Intermediate CA,O=My Company,C=UA

> POST /pools/default/remoteClusters HTTP/1.1

> User-Agent: curl/7.29.0

> Host: 172.23.106.139:18091

> Accept: */*

> Content-Length: 1027

> Content-Type: application/x-www-form-urlencoded

> Expect: 100-continue

< HTTP/1.1 100 Continue

< HTTP/1.1 500 Internal Server Error

< X-XSS-Protection: 1; mode=block

< X-Permitted-Cross-Domain-Policies: none

< X-Frame-Options: DENY

< X-Content-Type-Options: nosniff

< Server: Couchbase Server

< Pragma: no-cache

< Expires: Thu, 01 Jan 1970 00:00:00 GMT

< Date: Wed, 14 Mar 2018 06:07:42 GMT

< Content-Type: text/plain; charset=utf-8

< Content-Length: 42

< Connection: close

< Cache-Control: no-cache,no-store,must-revalidate

Request doesn't have a client certificate

curl -v -X POST --cacert /tmp/newcerts77/root.crt --cert /tmp/newcerts77/172.23.108.222.pem --key /tmp/newcerts77/172.23.108.222.key -d name=C2 -d hostname=172.23.106.176:8091 -d username=Administrator -d password=password -d demandEncryption=1 --data-urlencode "certificate=$(cat cert.pem)"  https://Administrator:password@172.23.106.139:18091/pools/default/remoteClusters

* About to connect() to 172.23.106.139 port 18091 (#0)

*   Trying 172.23.106.139...

* Connected to 172.23.106.139 (172.23.106.139) port 18091 (#0)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

*   CAfile: /tmp/newcerts77/root.crt

  CApath: none

* NSS: client certificate from file

* 	subject: CN=www.cb-cbadminbucket.com,O=My Company,L=Mountain View,ST=California,C=UA

* 	start date: Mar 14 05:12:48 2018 GMT

* 	expire date: Mar 14 05:12:48 2019 GMT

* 	common name: www.cb-cbadminbucket.com

* 	issuer: CN=My Company Intermediate CA,O=My Company,C=UA

* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA

* Server certificate:

* 	subject: CN=www.cb-cbadminbucket.com,O=My Company,L=Mountain View,ST=California,C=UA

* 	start date: Mar 14 05:12:48 2018 GMT

* 	expire date: Jan 08 05:12:48 2019 GMT

* 	common name: www.cb-cbadminbucket.com

* 	issuer: CN=My Company Intermediate CA,O=My Company,C=UA

* Server auth using Basic with user 'Administrator'

> POST /pools/default/remoteClusters HTTP/1.1

> Authorization: Basic QWRtaW5pc3RyYXRvcjpwYXNzd29yZA==

> User-Agent: curl/7.29.0

> Host: 172.23.106.139:18091

> Accept: */*

> Content-Length: 1027

> Content-Type: application/x-www-form-urlencoded

> Expect: 100-continue

< HTTP/1.1 100 Continue

< HTTP/1.1 500 Internal Server Error

< X-XSS-Protection: 1; mode=block

< X-Permitted-Cross-Domain-Policies: none

< X-Frame-Options: DENY

< X-Content-Type-Options: nosniff

< Server: Couchbase Server

< Pragma: no-cache

< Expires: Thu, 01 Jan 1970 00:00:00 GMT

< Date: Wed, 14 Mar 2018 06:04:46 GMT

< Content-Type: text/plain; charset=utf-8

< Content-Length: 42

< Connection: close

< Cache-Control: no-cache,no-store,must-revalidate

Request doesn't have a client certificate

* Closing connection 0

However in disable mode, I'm able to create the remote cluster reference.

Source cluster - https://s3.amazonaws.com/cb-engineering/Aruna/collectinfo-2018-03-14T065055-ns_1%40127.0.0.1.zip
Target cluster - https://s3.amazonaws.com/cb-engineering/Aruna/collectinfo-2018-03-14T065114-ns_1%40127.0.0.1.zip

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Ajit Yagaty [X] (Inactive)

Reporter:: Aruna Piravi (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Due:: 16/Mar/18

Created:: 13/Mar/18 11:40 PM

Updated:: 18/Apr/18 4:13 AM

Resolved:: 15/Mar/18 2:05 PM

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

MB-28665: Restrict client certificate auth...: Gerrit Review:

[XDCR] x509: "Request doesn't have a client certificate" when client cert is passed in mandatory mode

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty