I’m trying to use the Python SDK (2.5.1) to try to connect to Couchbase 5.5.2 using TLS. As there isn’t a lot of information online, I found bits and pieces here and there. So I want to ask some questions in hopes to get a better understanding.
Using the example found here (https://docs.couchbase.com/python-sdk/2.5/sdk-authentication-overview.html), I created all of my certificates (client side - client.pem, trust.pem, client.key; plus all server side). I get the following error:
Traceback (most recent call last): File "test2.py", line XX, in <module> authenticator = CertAuthenticator(cluster_username="Administrator", cluster_password="password", **options) TypeError: __init__() got an unexpected keyword argument 'certpath'
Looking at the
couchbase/cluster.pycode, it seems that
CertAuthenticator should be taking in
key_path instead. Using those I get warnings where
auth_credential and CertAuthenticator options overlap on keys.
I then looked at another example from
/couchbaselabs/devguide-examples/python/connecting-ssl.py where I can use the
Bucket object (http://docs.couchbase.com/sdk-api/couchbase-python-client-2.5.1/api/couchbase.html) to access the bucket directly by passing in the
cb = Bucket("couchbases://172.17.0.1/MYBUCKET?certpath=/SSLCA/clientdir/client.pem&truststorepath=/SSLCA/clientdir/trust.pem&keypath=/SSLCA/clientdir/client.key")
However, I then get the error of:
couchbase.exceptions.LCB_0x37 (generated, catch: CouchbaseFatalError): <RC=0x37[Client could not verify server's certificate], There was a problem while trying to send/receive your request over the network. This may be a result of a bad network or a misconfigured client or server, C Source=(src/bucket.c,1066)>
- Using Python 3.6 in CentOS7.3
libcouchbase-devel libcouchbase2-bin libcouchbase2-libevent libcouchbase2-libev libcouchbase2-core gcc gcc-c++
- Pip installed couchbase
- I read somewhere that there is supposed to be a compiled option for libcouchbase to use SSL? Not sure if that was n old version of the C SDK. I did not do anything beyond yum installing it.
- Certificates was generated from provided code in
/devguide-examples/etc/x509-cert(from GitHub). No error in generating the certificates.
- Not using
CertAuthenticatorand just regular
couchbase://context works fine. It’s
couchbases://(or using the
Bucketobject to access directly) is creating the challenge.
Any idea or sample code that works?