Uploaded image for project: 'Couchbase .NET client library'
  1. Couchbase .NET client library
  2. NCBC-2642

ConnectionString vs Servers with TLS enabled

    XMLWordPrintable

Details

    • Task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 2.7.20
    • 2.7.27
    • None
    • None
    • Ubuntu 18.04 LTS
    • 1

    Description

      Background

      When we were discussing CBSE-8789,  we noted some different behavior between ConnectionString in 2.X and 3.X versions of the SDK as related to certificates when TLS is enabled. 

      Request:

      When using the 3.X code,  we were only able to get the code to connect when using localhost or enabling IgnoreRemoteCertificateNameMismatch.  However,  in 2.7.20 we encountered the scenario below.  In both cases the root certificate that is generated by Couchbase during installation was registered and used.

      Using ConnectionString with couchbases://

      When we attempt to use ConnectionString and provide it couchbases we get the following exception

      Unhandled exception. Couchbase.Configuration.Server.Serialization.BootstrapException: Could not bootstrap - check inner exceptions for details. (NodeLocator is not defined)
       ---> Couchbase.NullConfigException: NodeLocator is not defined
         at Couchbase.Configuration.ConfigContextBase.get_NodeLocator()
         at Couchbase.Core.ClusterController.CreateBucketImpl(String bucketName, String password, IAuthenticator authenticator)
         --- End of inner exception stack trace ---
         at Couchbase.Core.ClusterController.CreateBucketImpl(String bucketName, String password, IAuthenticator authenticator)
         at Couchbase.Core.ClusterController.CreateBucket(String bucketName, String password, IAuthenticator authenticator)
         at Couchbase.Cluster.OpenBucket(String bucketName, String password)
         at Couchbase.Cluster.OpenBucket(String bucketname)
         at demoapp.Program.Main(String[] args) in /home/ubuntu/demoapp2/Program.cs:line 43
      

       

      Using Servers with URI list

      However,  if we specify a URI list using https://<address>:18091,  we are able to successfully connect. 

       

      Thanks,

      Craig

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          jmorris Jeff Morris added a comment -

          The exception that is bubbled up here is misleading; the actual exception is an AuthenticationException, however SDK2 fails with a NodeLocater is null error instead:

          2020/09/08 18:05:03.192|DEBUG|Bootstrapping with 127.0.0.1:11210 failed. |Couchbase.Configuration.Server.Providers.ConfigProviderBase|
          2020/09/08 18:05:03.192|DEBUG|Checking configs... |Couchbase.Configuration.Server.Monitoring.ConfigMonitor|
          2020/09/08 18:05:03.192|WARN| Value cannot be null. (Parameter 'key')|Couchbase.Configuration.Server.Providers.ConfigProviderBase|
          2020/09/08 18:05:03.192|DEBUG|Waiting to check configs... |Couchbase.Configuration.Server.Monitoring.ConfigMonitor|
          2020/09/08 18:05:03.224|WARN| NodeLocator is not defined|Couchbase.Core.ClusterController|
          2020/09/08 18:05:03.224|DEBUG|Trying to bootstrap with Couchbase.Configuration.Server.Providers.Streaming.HttpStreamingProvider. |Couchbase.Core.ClusterController|
          2020/09/08 18:05:04.796|INFO|Using network type: 'auto' |Couchbase.Configuration.Server.Providers.ConfigProviderBase|
          2020/09/08 18:05:04.796|INFO|Bootstrapping from https://localhost:8091/pools |Couchbase.Configuration.Server.Providers.Streaming.HttpServerConfig|
          2020/09/08 18:05:05.039|ERROR| The SSL connection could not be established, see inner exception.|Couchbase.Configuration.Server.Providers.Streaming.HttpServerConfig|
          2020/09/08 18:05:05.068|WARN| Could not bootstrap from configured servers list.|Couchbase.Core.ClusterController|

          To be clear, the only way to enable TLS/SSL on SDK2 is to use:

          var config  = new ClientConfiguration {
                UseSsl = true
          }
          

          -Jeff

          jmorris Jeff Morris added a comment - The exception that is bubbled up here is misleading; the actual exception is an AuthenticationException, however SDK2 fails with a NodeLocater is null error instead: 2020/09/08 18:05:03.192|DEBUG|Bootstrapping with 127.0.0.1:11210 failed. |Couchbase.Configuration.Server.Providers.ConfigProviderBase| 2020/09/08 18:05:03.192|DEBUG|Checking configs... |Couchbase.Configuration.Server.Monitoring.ConfigMonitor| 2020/09/08 18:05:03.192|WARN| Value cannot be null. (Parameter 'key')|Couchbase.Configuration.Server.Providers.ConfigProviderBase| 2020/09/08 18:05:03.192|DEBUG|Waiting to check configs... |Couchbase.Configuration.Server.Monitoring.ConfigMonitor| 2020/09/08 18:05:03.224|WARN| NodeLocator is not defined|Couchbase.Core.ClusterController| 2020/09/08 18:05:03.224|DEBUG|Trying to bootstrap with Couchbase.Configuration.Server.Providers.Streaming.HttpStreamingProvider. |Couchbase.Core.ClusterController| 2020/09/08 18:05:04.796|INFO|Using network type: 'auto' |Couchbase.Configuration.Server.Providers.ConfigProviderBase| 2020/09/08 18:05:04.796|INFO|Bootstrapping from https://localhost:8091/pools |Couchbase.Configuration.Server.Providers.Streaming.HttpServerConfig| 2020/09/08 18:05:05.039|ERROR| The SSL connection could not be established, see inner exception.|Couchbase.Configuration.Server.Providers.Streaming.HttpServerConfig| 2020/09/08 18:05:05.068|WARN| Could not bootstrap from configured servers list.|Couchbase.Core.ClusterController| To be clear, the only way to enable TLS/SSL on SDK2 is to use: var config = new ClientConfiguration { UseSsl = true } -Jeff

          People

            Unassigned Unassigned
            craig.kovar Craig Kovar
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty