Uploaded image for project: 'Couchbase .NET client library'
  1. Couchbase .NET client library
  2. NCBC-1620

Allow custom SSL authentication

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5.6
    • Fix Version/s: 2.6.0
    • Component/s: library
    • Labels:
      None

      Description

      One reason to do this would be to provide custom implementations of ServerCertificateCustomValidationCallback: https://forums.couchbase.com/t/platformnotsupportedexception-when-querying-from-net-core-2-0-on-macos/15490/2?u=jmorris

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

            Hide
            jmorris Jeff Morris added a comment -

            The forum post and JIRA ticket asked for pluggable HttpClientHandler’s, but there are some issues with going that route (there is header info that the server expects that is specific to CB and overall complexity of the change in the 2.X client). Instead we allow the ServerCertificateCustomValidationCallback to be overridden with custom logic for handling the SSL error returned.

            Note that the issue causing the need for doing this is a .NET Core bug/issue on the particular platform (OS) they are running their code: “System.PlatformNotSupportedException: The handler does not support custom handling of certificates with this combination of libcurl (7.54.0) and its SSL backend (“SecureTransport”).” It’s not related to the Couchbase SDK specifically – any .NET CORE code using SSL will fail with the same execption on that OS.

            Usage is like this:

             

            #if NET45
                    private static bool OnCertificateValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
            #else
                    private static bool OnCertificateValidation(HttpRequestMessage request, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
            #endif
                    {
                        return sslPolicyErrors == SslPolicyErrors.None;
                    }
            var config = new ClientConfiguration
                        {
                            HttpServerCertificateValidationCallback = OnCertificateValidation
                        };
            var cluster = new Cluster(config);
            // open a bucket and use it
            

             

            Show
            jmorris Jeff Morris added a comment - The forum post and JIRA ticket asked for pluggable HttpClientHandler’s, but there are some issues with going that route (there is header info that the server expects that is specific to CB and overall complexity of the change in the 2.X client). Instead we allow the ServerCertificateCustomValidationCallback to be overridden with custom logic for handling the SSL error returned. Note that the issue causing the need for doing this is a .NET Core bug/issue on the particular platform (OS) they are running their code: “ System.PlatformNotSupportedException: The handler does not support custom handling of certificates with this combination of libcurl (7.54.0) and its SSL backend (“SecureTransport”).” It’s not related to the Couchbase SDK specifically – any .NET CORE code using SSL will fail with the same execption on that OS. Usage is like this:   # if NET45         private static bool OnCertificateValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) # else         private static bool OnCertificateValidation(HttpRequestMessage request, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) #endif         {             return sslPolicyErrors == SslPolicyErrors.None;         } var config = new ClientConfiguration             {                 HttpServerCertificateValidationCallback = OnCertificateValidation             }; var cluster = new Cluster(config); // open a bucket and use it  

              People

              • Assignee:
                jmorris Jeff Morris
                Reporter:
                jmorris Jeff Morris
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.