  1. Couchbase Server
  2. MB-48291

[Enforce-TLS] FTS not honouring strict level of n2n


Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 7.0.2
    • 7.0.2
    • fts
    • Centos 7 64 bit; CB 7.0.2-6636

    Description

      My ns-server specific tests are failing as cbft seems to be listening on *:8094 even after enforcing TLS.

      Simple way to reproduce this:
      1. Start a 1 node cluster with kv service (.215)
      2. Add another node with all services (.217)
      3. Disable AF and enable n2n encryption to level "strict"
      4. Check if FTS obeyed TLS:

      [root@localhost logs]# ss -4anpe | grep "8094" | grep "LISTEN" 
      tcp    LISTEN     0      128       *:18094                 *:*                   users:(("cbft",pid=124186,fd=18)) uid:996 ino:5237690 sk:ffff97a55b695d00 <->
      tcp    LISTEN     0      128       *:8094                  *:*                   users:(("cbft",pid=124186,fd=16)) uid:996 ino:5237688 sk:ffff97a55b696c80 <->
      [root@localhost logs]# 

      actual:
      *:8094
      expected:
      127.0.0.1:8094
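
A stricter form of the step 4 check, as an added example that is not part of the original report or of Couchbase's code: it parses `ss` output in the column layout shown above, matches the port exactly (so the 18094 listener is not counted), and reports listeners on the given ports that are bound to anything other than loopback. The names `exposed_listeners` and `check` and the `AFTER` sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the report). Reads `ss -anp`-style lines on stdin in
# the layout shown above (Netid State Recv-Q Send-Q Local Peer Process).
# Arguments: the plaintext ports that must be loopback-only under strict n2n.
# Prints "<local addr:port> <process>" for each violating LISTEN socket and
# returns 1 if any was found, 0 otherwise.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $2 == "LISTEN" {
            port = $5; sub(/.*:/, "", port)        # text after the last colon
            addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # [::1] -> ::1
            if (!(port in want)) next              # exact match: 18094 != 8094
            if (addr ~ /^127\./ || addr == "::1") next   # loopback bind is fine
            print $5, $7
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# The two listener lines captured in the report (before the fix).
BEFORE='tcp    LISTEN     0      128       *:18094    *:*    users:(("cbft",pid=124186,fd=18)) uid:996 ino:5237690 sk:ffff97a55b695d00 <->
tcp    LISTEN     0      128       *:8094     *:*    users:(("cbft",pid=124186,fd=16)) uid:996 ino:5237688 sk:ffff97a55b696c80 <->'

# Constructed sample of the expected state: 8094 bound to 127.0.0.1 only.
AFTER='tcp    LISTEN     0      128       *:18094           *:*    users:(("cbft",pid=1000,fd=18))
tcp    LISTEN     0      128       127.0.0.1:8094    *:*    users:(("cbft",pid=1000,fd=16))'

# Hypothetical helper: label a sample and print a pass/fail line for port 8094.
check() {
    if printf '%s\n' "$2" | exposed_listeners 8094; then
        echo "$1: ok, 8094 is loopback-only"
    else
        echo "$1: FAIL, plaintext port reachable off-host"
    fi
}

check before "$BEFORE"
check after "$AFTER"
```

On a live node the same function can be fed directly, for example `ss -anp | exposed_listeners 8094`.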


          Activity

            Abhinav Dangeti added a comment - Wayne Siu This needs to be approved for 7.0.2.
            Here's the fix: http://review.couchbase.org/c/cbft/+/160815

            Couchbase Build Team added a comment - Build couchbase-server-7.0.2-6650 contains cbft commit e73aeda with commit message:
            MB-48291: Listen on localhost:8094 (even when DisableNonSSLPorts)

            Couchbase Build Team added a comment - Build couchbase-server-7.1.0-1254 contains cbft commit e73aeda with commit message:
            MB-48291: Listen on localhost:8094 (even when DisableNonSSLPorts)

            Sumedh Basarkod added a comment - Verified on 7.0.2-6653. Closing

            People

              abhinav Abhinav Dangeti
              sumedh.basarkod Sumedh Basarkod