  1. Couchbase Server
  2. MB-45995

[ipv6] - Issues with client cert for ports - 18093 and 18094


Details

    • Bug
    • Resolution: Not a Bug
    • Critical
    • 7.0.0
    • Cheshire-Cat
    • fts, query
    • 7.0.0-5017
    • Untriaged
    • Centos 64-bit
    • 1
    • No

    Description

      1. Set up a 4-node cluster
      kv-kv-n1ql-index
      kv-kv-kv-fts
      2. Enable client cert and set up the server for client cert

      Connect to n1ql port:

      curl -v --cacert /tmp/newcerts85//long_chain172.16.1.174.pem --cert-type PEM --cert /tmp/newcerts85/172.16.1.174.pem --key-type PEM --key /tmp/newcerts85/172.16.1.174.key  https://s22401-ip6.qe.couchbase.com:18093/query/service -d statement='create index idx1 on default(name)'
        % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                       Dload  Upload   Total   Spent    Left  Speed
       
        0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying fd63:6f75:6368:2060:4c6e:44ff:fea4:e6d5:18093...
      * Connected to s22401-ip6.qe.couchbase.com (fd63:6f75:6368:2060:4c6e:44ff:fea4:e6d5) port 18093 (#0)
      * Initializing NSS with certpath: sql:/etc/pki/nssdb
      *  CAfile: /tmp/newcerts85//long_chain172.16.1.174.pem
      *  CApath: none
      * NSS: client certificate from file
      * 	subject: CN=ip_address,O=My Company,L=Mountain View,ST=California,C=UA
      * 	start date: Apr 29 10:48:06 2021 GMT
      * 	expire date: Apr 29 10:48:06 2022 GMT
      * 	common name: ip_address
      * 	issuer: CN=My Company Intermediate CA,O=My Company,C=UA
      * NSS error -8191 (SEC_ERROR_LIBRARY_FAILURE)
      * security library failure.
       
        0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
      * Closing connection 0
      curl: (35) security library failure.
      

      Connect to fts port:

      curl -v --cacert /tmp/newcerts85//long_chain172.16.1.174.pem --cert-type PEM --cert /tmp/newcerts85/172.16.1.174.pem --key-type PEM --key /tmp/newcerts85/172.16.1.174.key  -XPUT -H "Content-Type: application/json"  https://s22404-ip6.qe.couchbase.com:18094/api/index/default_idx -d '{"sourceName": "default", "sourceType": "couchbase", "type": "fulltext-index"}'
        % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                       Dload  Upload   Total   Spent    Left  Speed
       
        0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying fd63:6f75:6368:2060:b8ce:cbff:fe05:29fe:18094...
      * Connected to s22404-ip6.qe.couchbase.com (fd63:6f75:6368:2060:b8ce:cbff:fe05:29fe) port 18094 (#0)
      * Initializing NSS with certpath: sql:/etc/pki/nssdb
      *  CAfile: /tmp/newcerts85//long_chain172.16.1.174.pem
      *  CApath: none
      * NSS: client certificate from file
      * 	subject: CN=ip_address,O=My Company,L=Mountain View,ST=California,C=UA
      * 	start date: Apr 29 10:34:56 2021 GMT
      * 	expire date: Apr 29 10:34:56 2022 GMT
      * 	common name: ip_address
      * 	issuer: CN=My Company Intermediate CA,O=My Company,C=UA
      * NSS error -8191 (SEC_ERROR_LIBRARY_FAILURE)
      * security library failure.
       
        0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
      * Closing connection 0
      curl: (35) security library failure.
      

      Note: the issue is with IPv6 boxes; I don't see issues with IPv4.


            People

              isha Isha Kandaswamy (Inactive)
              ritam.sharma Ritam Sharma