Uploaded image for project: 'Couchbase PHP client library'
  1. Couchbase PHP client library
  2. PCBC-544

Missing CertAuthenticator

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • None
    • 2.5.0
    • None
    • None
    • 1

    Description

      To align with the client cert RFC and to handle all the proper error handling scenarios the PHP SDK should implement the CertAuthenticator (singleton, likely.)

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            Libcouchbase initializes SSL on lcb_create, so it is not possible to use authenticator interface, which set after lcb_create. So all parameters have to be passed through connection string.

            avsej Sergey Avseyev added a comment - Libcouchbase initializes SSL on lcb_create, so it is not possible to use authenticator interface, which set after lcb_create. So all parameters have to be passed through connection string.

            Node also implements the CertAuthenticator - it is not needed for lcb_create but then afterwards when you call openBucket and related to check if the provided combinations are valid?

            daschl Michael Nitschinger added a comment - Node also implements the CertAuthenticator - it is not needed for lcb_create but then afterwards when you call openBucket and related to check if the provided combinations are valid?

            yes, you can create authenticator, but what you are going to check without cluster or bucket object?

            the parameters passed through connection string, you cannot create neither bucket nor cluster object without connection string, and it it looks like I need to introduce extra entity (cert authenticator), which will bring the confusion, but after that I have to fight this confusion by throwing exceptions if user still want to pass certificates in the connection string.

            I really think that this is just implementation details, because SSL certificates are not really like authenticators, because they have to be provided before initializing the lcb_t instance, and cannot be overriden later (like the SDK says).

            avsej Sergey Avseyev added a comment - yes, you can create authenticator, but what you are going to check without cluster or bucket object? the parameters passed through connection string, you cannot create neither bucket nor cluster object without connection string, and it it looks like I need to introduce extra entity (cert authenticator), which will bring the confusion, but after that I have to fight this confusion by throwing exceptions if user still want to pass certificates in the connection string. I really think that this is just implementation details, because SSL certificates are not really like authenticators, because they have to be provided before initializing the lcb_t instance, and cannot be overriden later (like the SDK says).

            So how do you handle a situation as described in PCBC-546 for example? Preventing the mixed auth modes

            daschl Michael Nitschinger added a comment - So how do you handle a situation as described in PCBC-546 for example? Preventing the mixed auth modes

            People

              avsej Sergey Avseyev
              daschl Michael Nitschinger
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty