search

bwgjoseph / mongoose-vs-ottoman

feature comparison between mongoose and ottoman
0 stars 1 forks source link

Improvement to error message when connecting via SSL/TLS #81

Closed bwgjoseph closed 2 years ago

bwgjoseph commented 3 years ago

Verified the server cert and client cert authentication working for alpha.28.

Is there a way to see the connection logs in couchbase (i.e. connection attempts and which client / IP connected successfully for e.g.).

I also consolidated behaviors of the library when under following condition.

  1. Wrong Client cert/key pair 
    FATAL ERROR:
libcouchbase experienced an unrecoverable error and terminates the program
to avoid undefined behavior.
The program should have generated a "corefile" which may used
to gather more information about the problem.
If your system doesn't create "corefiles" I can tell you that the
assertion failed in C:\Jenkins\workspace\nodejs\couchnode\couchnode-scripted-build-pipeline\couchnode\deps\lcb\src\ssl\ssl_c.c at line 409
  2. Mismatched client cert/key or invalid file path specified: 
    
this._inst = new binding.Connection(
             ^

Error: LCB_ERR_SSL_ERROR (1002): A generic error related to the SSL subsystem was encountered. Enable logging to see more details at new Connection (D:\code\ottoman-test\node_modules\couchbase\lib\connection.js:129:18) at Cluster._getConn (D:\code\ottoman-test\node_modules\couchbase\lib\cluster.js:610:14) at new Bucket (D:\code\ottoman-test\node_modules\couchbase\lib\bucket.js:20:26) at Cluster.bucket (D:\code\ottoman-test\node_modules\couchbase\lib\cluster.js:482:12) at Ottoman.connect (D:\code\ottoman-test\node_modules\ottoman\lib\ottoman\ottoman.js:134:41) at Object. (D:\code\ottoman-test\index.js:16:28) at Module._compile (internal/modules/cjs/loader.js:1138:30) at Object.Module._extensions..js (internal/modules/cjs/loader.js:1158:10) at Module.load (internal/modules/cjs/loader.js:986:32) at Function.Module._load (internal/modules/cjs/loader.js:879:14) { code: 1002 }

  3. Mandatory Client Certificate required but none provided:

FATAL ERROR: libcouchbase experienced an unrecoverable error and terminates the program ... assertion failed in C:\Jenkins\workspace\nodejs\couchnode\couchnode-scripted-build-pipeline\couchnode\deps\lcb\src\ssl\ssl_c.c at line 409

  4. `trustedStorePath` pointing to a wrong CA
  ```sh
  Error: LCB_ERR_SSL_ERROR (1002): A generic error related to the SSL subsystem was encountered. Enable logging to see more details
...
  code: 1002

Originally posted by @deskoh in https://github.com/bwgjoseph/mongoose-vs-ottoman/issues/44#issuecomment-841570269

AV25242 commented 3 years ago

@deskoh have created a ticket in the underlying SDK for their investigation / fix. Once available in the underlying SDK this should work. Just a fyi.

AV25242 commented 2 years ago

We released Ottoman beta.9 today please verify

AV25242 commented 2 years ago

A fix was made in the underlying SDK, let us know if this reflects here.

bwgjoseph commented 2 years ago

@deskoh able to test this particular one? thanks

deskoh commented 2 years ago

ottoman.connect now returns a promise which rejects with the more informative error message now:

  1. Wrong Client cert/key pair
  2. Mismatched client cert/key or invalid file path specified:
  3. trustedStorePath pointing to a wrong CA 
    [Error: LCB_ERR_SSL_ERROR (1002): A generic error related to the SSL subsystem was encountered. Enable logging to see more details]
  1. Mandatory Client Certificate required but none provided: 
    AuthenticationFailureError: authentication failure