Uploaded image for project: 'Couchbase PHP client library'
  1. Couchbase PHP client library
  2. PCBC-544

Missing CertAuthenticator

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • None
    • 2.5.0
    • None
    • None
    • 1

    Description

      To align with the client cert RFC and to handle all the proper error handling scenarios the PHP SDK should implement the CertAuthenticator (singleton, likely.)

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. PCBC-545 CertAuthenticator must be required when certpath/keypath used

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. PCBC-546 If cert auth is used, forbid bucket password

          • Major - Major loss of function.
          • Resolved
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            Ascending order - Click to sort in descending order
            avsej Sergey Avseyev added a comment -

            Libcouchbase initializes SSL on lcb_create, so it is not possible to use authenticator interface, which set after lcb_create. So all parameters have to be passed through connection string.

            avsej Sergey Avseyev added a comment - Libcouchbase initializes SSL on lcb_create, so it is not possible to use authenticator interface, which set after lcb_create. So all parameters have to be passed through connection string.
            daschl Michael Nitschinger added a comment -

            Node also implements the CertAuthenticator - it is not needed for lcb_create but then afterwards when you call openBucket and related to check if the provided combinations are valid?

            daschl Michael Nitschinger added a comment - Node also implements the CertAuthenticator - it is not needed for lcb_create but then afterwards when you call openBucket and related to check if the provided combinations are valid?
            avsej Sergey Avseyev added a comment -

            yes, you can create authenticator, but what you are going to check without cluster or bucket object?

            the parameters passed through connection string, you cannot create neither bucket nor cluster object without connection string, and it it looks like I need to introduce extra entity (cert authenticator), which will bring the confusion, but after that I have to fight this confusion by throwing exceptions if user still want to pass certificates in the connection string.

            I really think that this is just implementation details, because SSL certificates are not really like authenticators, because they have to be provided before initializing the lcb_t instance, and cannot be overriden later (like the SDK says).

            avsej Sergey Avseyev added a comment - yes, you can create authenticator, but what you are going to check without cluster or bucket object? the parameters passed through connection string, you cannot create neither bucket nor cluster object without connection string, and it it looks like I need to introduce extra entity (cert authenticator), which will bring the confusion, but after that I have to fight this confusion by throwing exceptions if user still want to pass certificates in the connection string. I really think that this is just implementation details, because SSL certificates are not really like authenticators, because they have to be provided before initializing the lcb_t instance, and cannot be overriden later (like the SDK says).
            daschl Michael Nitschinger added a comment -

            So how do you handle a situation as described in PCBC-546 for example? Preventing the mixed auth modes

            daschl Michael Nitschinger added a comment - So how do you handle a situation as described in PCBC-546 for example? Preventing the mixed auth modes

            People

              avsej Sergey Avseyev
              daschl Michael Nitschinger
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty