Error: protocol_error (1004) with tutorial

Couchbase Capella
1

I’m new to Couchbase and Netlify and I’m trying to follow this tutorial:

When I run ‘netlify dev’ the web app opens on my Mac but there is an error. When I run the get_airlines function directly it says “Error: protocol_error (1004)”.

I’ve checked that my cluster (forgivingthomasekurtz) is up and running, and my COUCHBASE_ENDPOINT and other variables appear to be correct. I would appreciate any suggestions for how I can further debug this protocol error.

Thanks,
Andy

2

protocol_error can be an error decoding a response. Make sure your client is allowed by Allowed IP addresses.

Please show what you have. Your client should be able to get DNS SRV records for _couchbases._tcp.<COUCHBASE_ENDPOINT>

% nslookup
> set TYPE=SRV
> _couchbases._tcp.<COUCHBASE_ENDPOINT>
...
3

Per the tutorial, I think I have my Couchbase cluster set to allow any IP address:

0.0.0.0/0

Here is the output from the commands you supplied:

$ nslookup

set TYPE=SRV
_couchbases._tcp.cb.pnrv3-n4t36xutnv.cloud.couchbase.com
Server: 2600:4040:5ae9:4a00::1
Address: 2600:4040:5ae9:4a00::1#53

Non-authoritative answer:
_couchbases._tcp.cb.pnrv3-n4t36xutnv.cloud.couchbase.com service = 0 0 11207 svc-dqis-node-001.pnrv3-n4t36xutnv.cloud.couchbase.com.

Authoritative answers can be found from:

I’m not sure how to interpret that output…
Thanks for your help so far,
Andy

4

Does this openssl command give back a response that ends with “read R BLOCK”? You’ll need to control-c to break out of it. Are there any complaints in the output other than “self-signed certificate in certificate chain” ?

 % openssl s_client -connect svc-dqis-node-001.pnrv3-n4t36xutnv.cloud.couchbase.com:11207
Connecting to 18.188.179.32
CONNECTED(00000005)
depth=1 O=Couchbase, OU=Cloud
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=1 O=Couchbase, OU=Cloud
verify return:1
depth=0 C=US, ST=CA, O=Couchbase, OU=Cloud, CN=*.pnrv3-n4t36xutnv.cloud.couchbase.com
verify return:1
---
Certificate chain
 0 s:C=US, ST=CA, O=Couchbase, OU=Cloud, CN=*.pnrv3-n4t36xutnv.cloud.couchbase.com
   i:O=Couchbase, OU=Cloud
   a:PKEY: RSA, 2048 (bit); sigalg: sha512WithRSAEncryption
   v:NotBefore: Dec 29 20:27:27 2024 GMT; NotAfter: Dec 29 21:27:27 2025 GMT
 1 s:O=Couchbase, OU=Cloud
   i:O=Couchbase, OU=Cloud
   a:PKEY: RSA, 2048 (bit); sigalg: sha256WithRSAEncryption
   v:NotBefore: Dec  6 22:12:59 2019 GMT; NotAfter: Dec  6 23:12:59 2029 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID3zCCAsegAwIBAgIQVO76yLa6qV3CDPIjMlhjkzANBgkqhkiG9w0BAQ0FADAk
MRIwEAYDVQQKDAlDb3VjaGJhc2UxDjAMBgNVBAsMBUNsb3VkMB4XDTI0MTIyOTIw
MjcyN1oXDTI1MTIyOTIxMjcyN1owbzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
MRIwEAYDVQQKEwlDb3VjaGJhc2UxDjAMBgNVBAsTBUNsb3VkMS8wLQYDVQQDDCYq
LnBucnYzLW40dDM2eHV0bnYuY2xvdWQuY291Y2hiYXNlLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAKmAttbD80tDargYtYtd2cyjU3y3WySBCGhG
C4QFHuahV6c6bRdAZINRathOE2x4NJ/Kvn7NU+CAVEpaNtnM4jvN6r6lEpJLNE59
aL2MA1vfTqAG/sNXBAkpT5GgduRSXwxJ/2NgO8PyUpFYrax4oeJ/d88WO4F5zm8M
JgyImNFtFo5m2V2OwPSwsd2U7lv3lBNPOwN8i/KHIHPJ49VmssKdWgnLcoWbk9TF
OVmaZqGf4Zd8PryLJLljhuj3upDR7C7BhB70zk8shzfW7FV8U5QdZi/2qXSXKYXI
84Yi8+01mr0W6POqvOurpipiUCKPRUCyuRkU2qgW9MRljA56vS0CAwEAAaOBwTCB
vjBCBgNVHREEOzA5giYqLnBucnYzLW40dDM2eHV0bnYuY2xvdWQuY291Y2hiYXNl
LmNvbYIJbG9jYWxob3N0hwR/AAABMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUlA4E
++uRTYifVKOjG33tfLz5wo0wHQYDVR0OBBYEFCpFYq1DB+LzG2ArgWaEVXkLoaIE
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
DQYJKoZIhvcNAQENBQADggEBAG5WYazsKJIT8qUKQMzphuss+Kzf1o35HiI5pGqp
CH/qCvMG/Nnmf7mEo75WJZ6YVGer7rE5em7sG8yuItUbZKgeMgkRbH1e9mi3TLnY
00g9e2taYOUrEH76xxST5ZUyF2uuNt8pwek8InhB9/wjaTguh0TEDwZrTTm0eF9f
PYEx80pn75f0KVN0fl1bxHLnpeJM68WSi/XNxWFgMfJSogAf+aQaksR7gIa7bHFc
JXT0LoftIbyoLi130UYKuVv2FmM+KHEMfFC3eKxYmJ3nxnI8TRwWTPS0tUXEpmOm
bun+K1gnd2q+wqxBgtZot5fEP+oiuPmmc7oGdym8gyTUHUg=
-----END CERTIFICATE-----
subject=C=US, ST=CA, O=Couchbase, OU=Cloud, CN=*.pnrv3-n4t36xutnv.cloud.couchbase.com
issuer=O=Couchbase, OU=Cloud
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: rsa_pss_rsae_sha256
Peer Temp Key: X25519, 253 bits
---
SSL handshake has read 2349 bytes and written 1667 bytes
Verification error: self-signed certificate in certificate chain
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 19 (self-signed certificate in certificate chain)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: CD0E262ECD29B9706E19E96F63A88BD0DB737F32A158D147D369535B764879A8
    Session-ID-ctx: 
    Resumption PSK: 6041B7D96CE3727AB8EC5916298C072B092DA599D96F06429F613A1599FF70C548499AC50348032C22998D8FCAF234E3
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - da 0e 89 96 48 e1 ee f0-97 47 37 c6 37 32 5c 41   ....H....G7.72\A
    0010 - b5 b1 0b f6 92 42 f6 be-a2 3e 70 bb 76 79 27 9e   .....B...>p.vy'.

    Start Time: 1749075776
    Timeout   : 7200 (sec)
    Verify return code: 19 (self-signed certificate in certificate chain)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 899E86BD256ED6D913B61ED631E9090E5E5D8FFBFD72A57C6669781920DF80AF
    Session-ID-ctx: 
    Resumption PSK: 839685F03F0FD25430C9E2141D57677C88D5001C8EFA5BE5C7318A08AAE69425477801DC56FDDE8B303BBD90999B9B2F
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 71 ec 4e 42 9d 24 c2 8c-ac 72 99 03 46 eb c2 79   q.NB.$...r..F..y
    0010 - 50 f5 0a 84 de 8b cb 2f-28 52 36 45 26 2a 0b 90   P....../(R6E&*..

    Start Time: 1749075776
    Timeout   : 7200 (sec)
    Verify return code: 19 (self-signed certificate in certificate chain)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
5

I get the same output as you, ending with “read R BLOCK”. I take it that means there is no problem connecting to the Couchbasse cluster.

At this point I should mention that I did encounter some errors when running ‘npm install’. After some googling and installing additional packages, I eventually got the output of that command to be: “up to date, audited 156 packages in 5s”. I assumed that meant the dependencies had been satisfied, but I’m now wondering if something is broken.

I could provide more details but I’m wondering if the tutorial has more prerequisites that I’m not aware of or alternatively if there is another tutorial that might be an easier place to start.

Thanks for your help,
Andy

$ openssl s_client -connect svc-dqis-node-001.pnrv3-n4t36xutnv.cloud.couchbase.com:11207
CONNECTED(00000003)
depth=1 O = Couchbase, OU = Cloud
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=1 O = Couchbase, OU = Cloud
verify return:1
depth=0 C = US, ST = CA, O = Couchbase, OU = Cloud, CN = *.pnrv3-n4t36xutnv.cloud.couchbase.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = CA, O = Couchbase, OU = Cloud, CN = *.pnrv3-n4t36xutnv.cloud.couchbase.com
   i:O = Couchbase, OU = Cloud
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA512
   v:NotBefore: Dec 29 20:27:27 2024 GMT; NotAfter: Dec 29 21:27:27 2025 GMT
 1 s:O = Couchbase, OU = Cloud
   i:O = Couchbase, OU = Cloud
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec  6 22:12:59 2019 GMT; NotAfter: Dec  6 23:12:59 2029 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID3zCCAsegAwIBAgIQVO76yLa6qV3CDPIjMlhjkzANBgkqhkiG9w0BAQ0FADAk
MRIwEAYDVQQKDAlDb3VjaGJhc2UxDjAMBgNVBAsMBUNsb3VkMB4XDTI0MTIyOTIw
MjcyN1oXDTI1MTIyOTIxMjcyN1owbzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB
MRIwEAYDVQQKEwlDb3VjaGJhc2UxDjAMBgNVBAsTBUNsb3VkMS8wLQYDVQQDDCYq
LnBucnYzLW40dDM2eHV0bnYuY2xvdWQuY291Y2hiYXNlLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAKmAttbD80tDargYtYtd2cyjU3y3WySBCGhG
C4QFHuahV6c6bRdAZINRathOE2x4NJ/Kvn7NU+CAVEpaNtnM4jvN6r6lEpJLNE59
aL2MA1vfTqAG/sNXBAkpT5GgduRSXwxJ/2NgO8PyUpFYrax4oeJ/d88WO4F5zm8M
JgyImNFtFo5m2V2OwPSwsd2U7lv3lBNPOwN8i/KHIHPJ49VmssKdWgnLcoWbk9TF
OVmaZqGf4Zd8PryLJLljhuj3upDR7C7BhB70zk8shzfW7FV8U5QdZi/2qXSXKYXI
84Yi8+01mr0W6POqvOurpipiUCKPRUCyuRkU2qgW9MRljA56vS0CAwEAAaOBwTCB
vjBCBgNVHREEOzA5giYqLnBucnYzLW40dDM2eHV0bnYuY2xvdWQuY291Y2hiYXNl
LmNvbYIJbG9jYWxob3N0hwR/AAABMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUlA4E
++uRTYifVKOjG33tfLz5wo0wHQYDVR0OBBYEFCpFYq1DB+LzG2ArgWaEVXkLoaIE
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
DQYJKoZIhvcNAQENBQADggEBAG5WYazsKJIT8qUKQMzphuss+Kzf1o35HiI5pGqp
CH/qCvMG/Nnmf7mEo75WJZ6YVGer7rE5em7sG8yuItUbZKgeMgkRbH1e9mi3TLnY
00g9e2taYOUrEH76xxST5ZUyF2uuNt8pwek8InhB9/wjaTguh0TEDwZrTTm0eF9f
PYEx80pn75f0KVN0fl1bxHLnpeJM68WSi/XNxWFgMfJSogAf+aQaksR7gIa7bHFc
JXT0LoftIbyoLi130UYKuVv2FmM+KHEMfFC3eKxYmJ3nxnI8TRwWTPS0tUXEpmOm
bun+K1gnd2q+wqxBgtZot5fEP+oiuPmmc7oGdym8gyTUHUg=
-----END CERTIFICATE-----
subject=C = US, ST = CA, O = Couchbase, OU = Cloud, CN = *.pnrv3-n4t36xutnv.cloud.couchbase.com
issuer=O = Couchbase, OU = Cloud
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2349 bytes and written 440 bytes
Verification error: self-signed certificate in certificate chain
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 19 (self-signed certificate in certificate chain)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 5E87F21D891D1638C099AEB4D575EC3C6F5ADA8545E692F0C662FA024173BACB
    Session-ID-ctx: 
    Resumption PSK: 04BCE5DC0E91F0BDAABE13E02439B71FBE87A2406C6183A13627D1EEA6D9E0B1E5FE5B5869F2B93040A0606F41CC7EC8
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 58 b9 c2 1b f4 95 c3 1e-85 d7 90 ac 57 52 59 5e   X...........WRY^
    0010 - 28 cf 24 9c 33 f9 a8 04-5c a2 a1 37 ca 07 91 6c   (.$.3...\..7...l

    Start Time: 1749313931
    Timeout   : 7200 (sec)
    Verify return code: 19 (self-signed certificate in certificate chain)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: C6090A1BD0E8F3618459D2D7DD6D1C868F3F710C20C5F9479B7545A0E60FD59A
    Session-ID-ctx: 
    Resumption PSK: ACEACA614E638A75886090D00D8D37CB90BC7ABF98341701862734C1E1EAA177BFA3AA2ADADF4A25CE71CCBD76278CC5
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - e2 d9 be fc 8d 2d 9e 0f-69 ff 12 4e 59 6d e0 1d   .....-..i..NYm..
    0010 - c8 3f cf 87 df d5 24 5a-b2 45 fc 0d b3 25 f4 87   .?....$Z.E...%..

    Start Time: 1749313931
    Timeout   : 7200 (sec)
    Verify return code: 19 (self-signed certificate in certificate chain)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
6

That looks ok. You could try running SDK Doctor.