Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-41051

UI Inserting newline character at the end of remote cluster cert

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Blocker
    • 7.0.0
    • Cheshire-Cat
    • UI
    • None
    • Untriaged
    • 1
    • Yes

    Description

      The certificate field for XDCR remote cluster entry is currently broken. The UI is inserting a newline character feed at the end of the certificate, which causes it to be invalid for rendering.

      Reproduce steps:

      1. Setup a single node cluster using cluster_run
      2. Go to “Settings” on the left tab, go to “Root Certificate”
      3. Highlight and copy the root certificate.
      4. Go to XDCR -> Create remote cluster -> 127.0.0.1:9000 -> Enable Secure Connection (check) -> Full (select)
      5. Due to MB-41041, enter “a” in all 3 text fields, and then remove them.
      6. Paste the root cert copied from step 3 into the “Copy/paste the certificate info” text box
      7. Press “save”
      8. See error “Failed to parse given certificate. Certificate must be a single, PEM-encoded x509 certificate and nothing more”

      Works with CURL

      1. echo -n “<paste>” > /tmp/cert.pem 

        neil.huang@NeilsMacbookPro:~/Downloads$ echo -n "-----BEGIN CERTIFICATE-----
        		 
        > MIIB/TCCAWagAwIBAgIIFizNDQk2IhgwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UE
        		 
        > AxMZQ291Y2hiYXNlIFNlcnZlciA3NjYxYmU1YjAeFw0xMzAxMDEwMDAwMDBaFw00
        		 
        > OTEyMzEyMzU5NTlaMCQxIjAgBgNVBAMTGUNvdWNoYmFzZSBTZXJ2ZXIgNzY2MWJl
        		 
        > NWIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMxNI57d9QgUUbxKD061oLLt
        		 
        > 8pbCURTBrbhjqXYfUINT3u/PhdfiKrK+tQCEeKgUkY0AFXdItX8LdQzGMHuCZ4jU
        		 
        > 3JlLWV2740Z2sCQGAJ6SSNmhcOn8NGzwifWycsByqyT+SHxlmNOSOvyaAS2ez+Iy
        		 
        > yghYLObkt3SXk90H9hGjAgMBAAGjODA2MA4GA1UdDwEB/wQEAwICpDATBgNVHSUE
        		 
        > DDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GB
        		 
        > AKj6PWCT8mCSMbCjiECsJ2fc1PnFWS4G3fhO8PiFhzhq+WMtOmgaX4TmxYtxyN9f
        		 
        > F22y0ftSB8AUVSwaS6DXbeDxkf+gMQO4A4AHgYQtjf3i7YHiZi6pexFOBGfhEUP1
        		 
        > Hsu+pJmgQonUAHfDDxF7luYAracwWAbeM/6oABR7w4XR
        		 
        > -----END CERTIFICATE-----
        		 
        > " > /tmp/cert.pem

      2. Run the following curl command to create a remote cluster reference 

        neil.huang@NeilsMacbookPro:~/source/couchbase/goproj/src/github.com/couchbase/goxdcr$ curl -X POST -u Administrator:wewewe http://127.0.0.1:9000/pools/default/remoteClusters -d name=self -d hostname=127.0.0.1:9000 -d username=Administrator -d password=wewewe -d demandEncryption=1 --data-urlencode "certificate=$(cat /tmp/cert.pem)"
        		 
        {"certificate":"-----BEGIN CERTIFICATE-----\nMIIB/TCCAWagAwIBAgIIFizNDQk2IhgwDQYJKoZIhvcNAQELBQAwJDEiMCAGA1UE\nAxMZQ291Y2hiYXNlIFNlcnZlciA3NjYxYmU1YjAeFw0xMzAxMDEwMDAwMDBaFw00\nOTEyMzEyMzU5NTlaMCQxIjAgBgNVBAMTGUNvdWNoYmFzZSBTZXJ2ZXIgNzY2MWJl\nNWIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMxNI57d9QgUUbxKD061oLLt\n8pbCURTBrbhjqXYfUINT3u/PhdfiKrK+tQCEeKgUkY0AFXdItX8LdQzGMHuCZ4jU\n3JlLWV2740Z2sCQGAJ6SSNmhcOn8NGzwifWycsByqyT+SHxlmNOSOvyaAS2ez+Iy\nyghYLObkt3SXk90H9hGjAgMBAAGjODA2MA4GA1UdDwEB/wQEAwICpDATBgNVHSUE\nDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GB\nAKj6PWCT8mCSMbCjiECsJ2fc1PnFWS4G3fhO8PiFhzhq+WMtOmgaX4TmxYtxyN9f\nF22y0ftSB8AUVSwaS6DXbeDxkf+gMQO4A4AHgYQtjf3i7YHiZi6pexFOBGfhEUP1\nHsu+pJmgQonUAHfDDxF7luYAracwWAbeM/6oABR7w4XR\n-----END CERTIFICATE-----","deleted":false,"demandEncryption":true,"encryptionType":"full","hostname":"127.0.0.1:9000","name":"self","secureType":"full","uri":"/pools/default/remoteClusters/self","username":"Administrator","uuid":"ba1ae28026f346cd665102953d186fff","validateURI":"/pools/default/remoteClusters/self?just_validate=1"}

      3. Command ran successfully 

        neil.huang@NeilsMacbookPro:~/source/couchbase/goproj/src/github.com/couchbase/goxdcr$ echo $?
        		 
        0

      4. Validate from UI that remote cluster reference exists

       

      I did a hex dump of the certificate that XDCR receives from both cases, the UI and CURL command.

      The working certificate hex dump:

      00000000  2d 2d 2d 2d 2d 42 45 47  49 4e 20 43 45 52 54 49  |-----BEGIN CERTI|
      		 
      00000010  46 49 43 41 54 45 2d 2d  2d 2d 2d 0a 4d 49 49 42  |FICATE-----.MIIB|
      		 
      00000020  2f 54 43 43 41 57 61 67  41 77 49 42 41 67 49 49  |/TCCAWagAwIBAgII|
      		 
      00000030  46 69 7a 4e 44 51 6b 32  49 68 67 77 44 51 59 4a  |FizNDQk2IhgwDQYJ|
      		 
      00000040  4b 6f 5a 49 68 76 63 4e  41 51 45 4c 42 51 41 77  |KoZIhvcNAQELBQAw|
      		 
      00000050  4a 44 45 69 4d 43 41 47  41 31 55 45 0a 41 78 4d  |JDEiMCAGA1UE.AxM|
      		 
      00000060  5a 51 32 39 31 59 32 68  69 59 58 4e 6c 49 46 4e  |ZQ291Y2hiYXNlIFN|
      		 
      00000070  6c 63 6e 5a 6c 63 69 41  33 4e 6a 59 78 59 6d 55  |lcnZlciA3NjYxYmU|
      		 
      00000080  31 59 6a 41 65 46 77 30  78 4d 7a 41 78 4d 44 45  |1YjAeFw0xMzAxMDE|
      		 
      00000090  77 4d 44 41 77 4d 44 42  61 46 77 30 30 0a 4f 54  |wMDAwMDBaFw00.OT|
      		 
      000000a0  45 79 4d 7a 45 79 4d 7a  55 35 4e 54 6c 61 4d 43  |EyMzEyMzU5NTlaMC|
      		 
      000000b0  51 78 49 6a 41 67 42 67  4e 56 42 41 4d 54 47 55  |QxIjAgBgNVBAMTGU|
      		 
      000000c0  4e 76 64 57 4e 6f 59 6d  46 7a 5a 53 42 54 5a 58  |NvdWNoYmFzZSBTZX|
      		 
      000000d0  4a 32 5a 58 49 67 4e 7a  59 32 4d 57 4a 6c 0a 4e  |J2ZXIgNzY2MWJl.N|
      		 
      000000e0  57 49 77 67 5a 38 77 44  51 59 4a 4b 6f 5a 49 68  |WIwgZ8wDQYJKoZIh|
      		 
      000000f0  76 63 4e 41 51 45 42 42  51 41 44 67 59 30 41 4d  |vcNAQEBBQADgY0AM|
      		 
      00000100  49 47 4a 41 6f 47 42 41  4d 78 4e 49 35 37 64 39  |IGJAoGBAMxNI57d9|
      		 
      00000110  51 67 55 55 62 78 4b 44  30 36 31 6f 4c 4c 74 0a  |QgUUbxKD061oLLt.|
      		 
      00000120  38 70 62 43 55 52 54 42  72 62 68 6a 71 58 59 66  |8pbCURTBrbhjqXYf|
      		 
      00000130  55 49 4e 54 33 75 2f 50  68 64 66 69 4b 72 4b 2b  |UINT3u/PhdfiKrK+|
      		 
      00000140  74 51 43 45 65 4b 67 55  6b 59 30 41 46 58 64 49  |tQCEeKgUkY0AFXdI|
      		 
      00000150  74 58 38 4c 64 51 7a 47  4d 48 75 43 5a 34 6a 55  |tX8LdQzGMHuCZ4jU|
      		 
      00000160  0a 33 4a 6c 4c 57 56 32  37 34 30 5a 32 73 43 51  |.3JlLWV2740Z2sCQ|
      		 
      00000170  47 41 4a 36 53 53 4e 6d  68 63 4f 6e 38 4e 47 7a  |GAJ6SSNmhcOn8NGz|
      		 
      00000180  77 69 66 57 79 63 73 42  79 71 79 54 2b 53 48 78  |wifWycsByqyT+SHx|
      		 
      00000190  6c 6d 4e 4f 53 4f 76 79  61 41 53 32 65 7a 2b 49  |lmNOSOvyaAS2ez+I|
      		 
      000001a0  79 0a 79 67 68 59 4c 4f  62 6b 74 33 53 58 6b 39  |y.yghYLObkt3SXk9|
      		 
      000001b0  30 48 39 68 47 6a 41 67  4d 42 41 41 47 6a 4f 44  |0H9hGjAgMBAAGjOD|
      		 
      000001c0  41 32 4d 41 34 47 41 31  55 64 44 77 45 42 2f 77  |A2MA4GA1UdDwEB/w|
      		 
      000001d0  51 45 41 77 49 43 70 44  41 54 42 67 4e 56 48 53  |QEAwICpDATBgNVHS|
      		 
      000001e0  55 45 0a 44 44 41 4b 42  67 67 72 42 67 45 46 42  |UE.DDAKBggrBgEFB|
      		 
      000001f0  51 63 44 41 54 41 50 42  67 4e 56 48 52 4d 42 41  |QcDATAPBgNVHRMBA|
      		 
      00000200  66 38 45 42 54 41 44 41  51 48 2f 4d 41 30 47 43  |f8EBTADAQH/MA0GC|
      		 
      00000210  53 71 47 53 49 62 33 44  51 45 42 43 77 55 41 41  |SqGSIb3DQEBCwUAA|
      		 
      00000220  34 47 42 0a 41 4b 6a 36  50 57 43 54 38 6d 43 53  |4GB.AKj6PWCT8mCS|
      		 
      00000230  4d 62 43 6a 69 45 43 73  4a 32 66 63 31 50 6e 46  |MbCjiECsJ2fc1PnF|
      		 
      00000240  57 53 34 47 33 66 68 4f  38 50 69 46 68 7a 68 71  |WS4G3fhO8PiFhzhq|
      		 
      00000250  2b 57 4d 74 4f 6d 67 61  58 34 54 6d 78 59 74 78  |+WMtOmgaX4TmxYtx|
      		 
      00000260  79 4e 39 66 0a 46 32 32  79 30 66 74 53 42 38 41  |yN9f.F22y0ftSB8A|
      		 
      00000270  55 56 53 77 61 53 36 44  58 62 65 44 78 6b 66 2b  |UVSwaS6DXbeDxkf+|
      		 
      00000280  67 4d 51 4f 34 41 34 41  48 67 59 51 74 6a 66 33  |gMQO4A4AHgYQtjf3|
      		 
      00000290  69 37 59 48 69 5a 69 36  70 65 78 46 4f 42 47 66  |i7YHiZi6pexFOBGf|
      		 
      000002a0  68 45 55 50 31 0a 48 73  75 2b 70 4a 6d 67 51 6f  |hEUP1.Hsu+pJmgQo|
      		 
      000002b0  6e 55 41 48 66 44 44 78  46 37 6c 75 59 41 72 61  |nUAHfDDxF7luYAra|
      		 
      000002c0  63 77 57 41 62 65 4d 2f  36 6f 41 42 52 37 77 34  |cwWAbeM/6oABR7w4|
      		 
      000002d0  58 52 0a 2d 2d 2d 2d 2d  45 4e 44 20 43 45 52 54  |XR.-----END CERT|
      		 
      000002e0  49 46 49 43 41 54 45 2d  2d 2d 2d 2d              |IFICATE-----|

       
      Broken certificate hex dump:

      00000000  2d 2d 2d 2d 2d 42 45 47  49 4e 20 43 45 52 54 49  |-----BEGIN CERTI|
      		 
      00000010  46 49 43 41 54 45 2d 2d  2d 2d 2d 0a 4d 49 49 42  |FICATE-----.MIIB|
      		 
      00000020  2f 54 43 43 41 57 61 67  41 77 49 42 41 67 49 49  |/TCCAWagAwIBAgII|
      		 
      00000030  46 69 7a 4e 44 51 6b 32  49 68 67 77 44 51 59 4a  |FizNDQk2IhgwDQYJ|
      		 
      00000040  4b 6f 5a 49 68 76 63 4e  41 51 45 4c 42 51 41 77  |KoZIhvcNAQELBQAw|
      		 
      00000050  4a 44 45 69 4d 43 41 47  41 31 55 45 0a 41 78 4d  |JDEiMCAGA1UE.AxM|
      		 
      00000060  5a 51 32 39 31 59 32 68  69 59 58 4e 6c 49 46 4e  |ZQ291Y2hiYXNlIFN|
      		 
      00000070  6c 63 6e 5a 6c 63 69 41  33 4e 6a 59 78 59 6d 55  |lcnZlciA3NjYxYmU|
      		 
      00000080  31 59 6a 41 65 46 77 30  78 4d 7a 41 78 4d 44 45  |1YjAeFw0xMzAxMDE|
      		 
      00000090  77 4d 44 41 77 4d 44 42  61 46 77 30 30 0a 4f 54  |wMDAwMDBaFw00.OT|
      		 
      000000a0  45 79 4d 7a 45 79 4d 7a  55 35 4e 54 6c 61 4d 43  |EyMzEyMzU5NTlaMC|
      		 
      000000b0  51 78 49 6a 41 67 42 67  4e 56 42 41 4d 54 47 55  |QxIjAgBgNVBAMTGU|
      		 
      000000c0  4e 76 64 57 4e 6f 59 6d  46 7a 5a 53 42 54 5a 58  |NvdWNoYmFzZSBTZX|
      		 
      000000d0  4a 32 5a 58 49 67 4e 7a  59 32 4d 57 4a 6c 0a 4e  |J2ZXIgNzY2MWJl.N|
      		 
      000000e0  57 49 77 67 5a 38 77 44  51 59 4a 4b 6f 5a 49 68  |WIwgZ8wDQYJKoZIh|
      		 
      000000f0  76 63 4e 41 51 45 42 42  51 41 44 67 59 30 41 4d  |vcNAQEBBQADgY0AM|
      		 
      00000100  49 47 4a 41 6f 47 42 41  4d 78 4e 49 35 37 64 39  |IGJAoGBAMxNI57d9|
      		 
      00000110  51 67 55 55 62 78 4b 44  30 36 31 6f 4c 4c 74 0a  |QgUUbxKD061oLLt.|
      		 
      00000120  38 70 62 43 55 52 54 42  72 62 68 6a 71 58 59 66  |8pbCURTBrbhjqXYf|
      		 
      00000130  55 49 4e 54 33 75 2f 50  68 64 66 69 4b 72 4b 2b  |UINT3u/PhdfiKrK+|
      		 
      00000140  74 51 43 45 65 4b 67 55  6b 59 30 41 46 58 64 49  |tQCEeKgUkY0AFXdI|
      		 
      00000150  74 58 38 4c 64 51 7a 47  4d 48 75 43 5a 34 6a 55  |tX8LdQzGMHuCZ4jU|
      		 
      00000160  0a 33 4a 6c 4c 57 56 32  37 34 30 5a 32 73 43 51  |.3JlLWV2740Z2sCQ|
      		 
      00000170  47 41 4a 36 53 53 4e 6d  68 63 4f 6e 38 4e 47 7a  |GAJ6SSNmhcOn8NGz|
      		 
      00000180  77 69 66 57 79 63 73 42  79 71 79 54 2b 53 48 78  |wifWycsByqyT+SHx|
      		 
      00000190  6c 6d 4e 4f 53 4f 76 79  61 41 53 32 65 7a 2b 49  |lmNOSOvyaAS2ez+I|
      		 
      000001a0  79 0a 79 67 68 59 4c 4f  62 6b 74 33 53 58 6b 39  |y.yghYLObkt3SXk9|
      		 
      000001b0  30 48 39 68 47 6a 41 67  4d 42 41 41 47 6a 4f 44  |0H9hGjAgMBAAGjOD|
      		 
      000001c0  41 32 4d 41 34 47 41 31  55 64 44 77 45 42 2f 77  |A2MA4GA1UdDwEB/w|
      		 
      000001d0  51 45 41 77 49 43 70 44  41 54 42 67 4e 56 48 53  |QEAwICpDATBgNVHS|
      		 
      000001e0  55 45 0a 44 44 41 4b 42  67 67 72 42 67 45 46 42  |UE.DDAKBggrBgEFB|
      		 
      000001f0  51 63 44 41 54 41 50 42  67 4e 56 48 52 4d 42 41  |QcDATAPBgNVHRMBA|
      		 
      00000200  66 38 45 42 54 41 44 41  51 48 2f 4d 41 30 47 43  |f8EBTADAQH/MA0GC|
      		 
      00000210  53 71 47 53 49 62 33 44  51 45 42 43 77 55 41 41  |SqGSIb3DQEBCwUAA|
      		 
      00000220  34 47 42 0a 41 4b 6a 36  50 57 43 54 38 6d 43 53  |4GB.AKj6PWCT8mCS|
      		 
      00000230  4d 62 43 6a 69 45 43 73  4a 32 66 63 31 50 6e 46  |MbCjiECsJ2fc1PnF|
      		 
      00000240  57 53 34 47 33 66 68 4f  38 50 69 46 68 7a 68 71  |WS4G3fhO8PiFhzhq|
      		 
      00000250  2b 57 4d 74 4f 6d 67 61  58 34 54 6d 78 59 74 78  |+WMtOmgaX4TmxYtx|
      		 
      00000260  79 4e 39 66 0a 46 32 32  79 30 66 74 53 42 38 41  |yN9f.F22y0ftSB8A|
      		 
      00000270  55 56 53 77 61 53 36 44  58 62 65 44 78 6b 66 2b  |UVSwaS6DXbeDxkf+|
      		 
      00000280  67 4d 51 4f 34 41 34 41  48 67 59 51 74 6a 66 33  |gMQO4A4AHgYQtjf3|
      		 
      00000290  69 37 59 48 69 5a 69 36  70 65 78 46 4f 42 47 66  |i7YHiZi6pexFOBGf|
      		 
      000002a0  68 45 55 50 31 0a 48 73  75 2b 70 4a 6d 67 51 6f  |hEUP1.Hsu+pJmgQo|
      		 
      000002b0  6e 55 41 48 66 44 44 78  46 37 6c 75 59 41 72 61  |nUAHfDDxF7luYAra|
      		 
      000002c0  63 77 57 41 62 65 4d 2f  36 6f 41 42 52 37 77 34  |cwWAbeM/6oABR7w4|
      		 
      000002d0  58 52 0a 2d 2d 2d 2d 2d  45 4e 44 20 43 45 52 54  |XR.-----END CERT|
      		 
      000002e0  49 46 49 43 41 54 45 2d  2d 2d 2d 2d 0a           |IFICATE-----.|

      Visually we can see it, but doing a diff will show a newline char at the end of the broken hex dump:

      neil.huang@NeilsMacbookPro:/tmp$ diff working.dump notWorking.dump
      		 
      47c47
      		 
      < 000002e0  49 46 49 43 41 54 45 2d  2d 2d 2d 2d              |IFICATE-----|
      		 
      ---
      		 
      > 000002e0  49 46 49 43 41 54 45 2d  2d 2d 2d 2d 0a           |IFICATE-----.|

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MB-40951 Can't XDCR from non-cloud cluster to Cloud cluster

          • Major - Major loss of function.
          • Closed
          For Gerrit Dashboard: MB-41051
          # Subject Branch Project Status CR V
          134739,3 MB-41051: use standart encoder for http body request master ns_server Status: MERGED +2 +1

          Activity

            People

              pavel Pavel Blagodov
              neil.huang Neil Huang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty