Connect with C client through SSL


#1

Hi,

I am trying to configure my C couchbase client to connect to the server through SSL. The server is correctly configured for SSL and I have downloaded the certificate on the client side. But every time I get a: Received code 0x13 (Operation not supported).

Here’s what I did: I set the environment variable LCB_SSL_CACERT to the path of my certificate, which looks like this.

LCB_SSL_CACERT=/etc/adeya/cert/couchbase.pem

And then in the code I tried both:

err = lcb_cntl_string(instance, "certpath", "/etc/folder/cert/couchbase.pem");

and:

const char host[] = "couchbases://192.168.130.10/secureTextDB?ca_path=/etc/folder/cert/couchbase.pem"; create_options.version = 3; create_options.v.v3.connstr = host; err = lcb_create(&instance, &create_options);

Both tests return the same error. Operation not supported.

I tested my instance for SSL MODE and it seems to be ok:

err = lcb_cntl(instance, LCB_CNTL_GET, LCB_CNTL_SSL_MODE, &ssl_opts); Returns LCB_SSL_ENABLED.

Any clue what I did wrong ?


#2

The naming of the SSL parameters was changed in version 2.4.1:

  • ca_path has been changed to certpath
  • The environment variable is not a documented way of modifying SSL settings
  • Using lcb_cntl_string here is not going to work, since the SSL settings must be applied early on during handle creation, thus it must be set in the connection string.

See http://docs.couchbase.com/sdk-api/couchbase-c-client-2.4.2/group__lcb__initialization.html for more details.

Hope this helps.