Uploaded image for project: 'Couchbase PHP client library'
  1. Couchbase PHP client library
  2. PCBC-544

Missing CertAuthenticator

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.0
    • Component/s: None
    • Labels:
      None

      Description

      To align with the client cert RFC and to handle all the proper error handling scenarios the PHP SDK should implement the CertAuthenticator (singleton, likely.)

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

            Hide
            avsej Sergey Avseyev added a comment -

            Libcouchbase initializes SSL on lcb_create, so it is not possible to use authenticator interface, which set after lcb_create. So all parameters have to be passed through connection string.

            Show
            avsej Sergey Avseyev added a comment - Libcouchbase initializes SSL on lcb_create, so it is not possible to use authenticator interface, which set after lcb_create. So all parameters have to be passed through connection string.
            Hide
            daschl Michael Nitschinger added a comment -

            Node also implements the CertAuthenticator - it is not needed for lcb_create but then afterwards when you call openBucket and related to check if the provided combinations are valid?

            Show
            daschl Michael Nitschinger added a comment - Node also implements the CertAuthenticator - it is not needed for lcb_create but then afterwards when you call openBucket and related to check if the provided combinations are valid?
            Hide
            avsej Sergey Avseyev added a comment -

            yes, you can create authenticator, but what you are going to check without cluster or bucket object?

            the parameters passed through connection string, you cannot create neither bucket nor cluster object without connection string, and it it looks like I need to introduce extra entity (cert authenticator), which will bring the confusion, but after that I have to fight this confusion by throwing exceptions if user still want to pass certificates in the connection string.

            I really think that this is just implementation details, because SSL certificates are not really like authenticators, because they have to be provided before initializing the lcb_t instance, and cannot be overriden later (like the SDK says).

            Show
            avsej Sergey Avseyev added a comment - yes, you can create authenticator, but what you are going to check without cluster or bucket object? the parameters passed through connection string, you cannot create neither bucket nor cluster object without connection string, and it it looks like I need to introduce extra entity (cert authenticator), which will bring the confusion, but after that I have to fight this confusion by throwing exceptions if user still want to pass certificates in the connection string. I really think that this is just implementation details, because SSL certificates are not really like authenticators, because they have to be provided before initializing the lcb_t instance, and cannot be overriden later (like the SDK says).
            Hide
            daschl Michael Nitschinger added a comment -

            So how do you handle a situation as described in PCBC-546 for example? Preventing the mixed auth modes

            Show
            daschl Michael Nitschinger added a comment - So how do you handle a situation as described in PCBC-546 for example? Preventing the mixed auth modes

              People

              • Assignee:
                avsej Sergey Avseyev
                Reporter:
                daschl Michael Nitschinger
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.