Trying to use Python to connect via TLS to Couchbase Server

Hi,

I’m trying to use the Python SDK (2.5.1) to connect to Couchbase 5.5.2 using TLS. As there isn’t a lot of information online, I found bits and pieces here and there. So I want to ask some questions in hopes of getting a better understanding.

Using the example found here (https://docs.couchbase.com/python-sdk/2.5/sdk-authentication-overview.html), I created all of my certificates (client side - client.pem, trust.pem, client.key; plus all server side). I get the following error:

Traceback (most recent call last):
  File "test2.py", line XX, in <module>
    authenticator = CertAuthenticator(cluster_username="Administrator", cluster_password="password", **options)
TypeError: __init__() got an unexpected keyword argument 'certpath'

Looking at the couchbase/cluster.py code, it seems that CertAuthenticator should be taking in cert_path, trust_store_path, and key_path instead. Using those, I get warnings where auth_credential and CertAuthenticator options overlap on keys.

I then looked at another example from /couchbaselabs/devguide-examples/python/connecting-ssl.py where I can use the Bucket object (http://docs.couchbase.com/sdk-api/couchbase-python-client-2.5.1/api/couchbase.html) to access the bucket directly by passing in the certpath, truststorepath, and keypath.

cb = Bucket("couchbases://172.17.0.1/MYBUCKET?certpath=/SSLCA/clientdir/client.pem&truststorepath=/SSLCA/clientdir/trust.pem&keypath=/SSLCA/clientdir/client.key")

However, I then get the error of:

couchbase.exceptions.LCB_0x37 (generated, catch: CouchbaseFatalError): <RC=0x37[Client could not verify server's certificate], There was a problem while trying to send/receive your request over the network. This may be a result of a bad network or a misconfigured client or server, C Source=(src/bucket.c,1066)>

Background info:

  • Using Python 3.6 on CentOS 7.3
  • Installed libcouchbase-devel libcouchbase2-bin libcouchbase2-libevent libcouchbase2-libev libcouchbase2-core gcc gcc-c++
  • Pip installed couchbase
  • I read somewhere that there is supposed to be a compiled option for libcouchbase to use SSL? Not sure if that was an old version of the C SDK. I did not do anything beyond yum installing it.
  • Certificates were generated from the provided code in /devguide-examples/etc/x509-cert (from GitHub). No error in generating the certificates.
  • Not using CertAuthenticator and just the regular couchbase:// context works fine. It’s CertAuthenticator plus couchbases:// (or using the Bucket object to access directly) that is creating the challenge.

Any idea or sample code that works?

Thank you.
Regards, Steve
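
Added example, not part of the original post and not Couchbase SDK code: a standard-library check that takes the same connection string and tests, outside the SDK, whether the trust store verifies the certificate the server presents, which is the condition the 0x37 error reports. The function names are hypothetical, and port 11207 is assumed to be the data service's TLS port.

```python
import socket
import ssl
from urllib.parse import parse_qs, urlsplit

# Option names exactly as they appear in the post's connection string.
TLS_OPTIONS = ("certpath", "truststorepath", "keypath")
KV_TLS_PORT = 11207  # assumption: default TLS port of the Couchbase data service


def parse_tls_options(connstr):
    """Return (host, bucket, {option: path}) for a couchbases:// string."""
    parts = urlsplit(connstr)
    if parts.scheme != "couchbases":
        raise ValueError("expected couchbases://, got %s://" % parts.scheme)
    query = parse_qs(parts.query)
    missing = [name for name in TLS_OPTIONS if name not in query]
    if missing:
        raise ValueError("missing options: " + ", ".join(missing))
    paths = {name: query[name][0] for name in TLS_OPTIONS}
    return parts.hostname, parts.path.lstrip("/"), paths


def verify_server_chain(host, paths, port=KV_TLS_PORT, timeout=5.0):
    """Handshake using the files given to the SDK; return (ok, detail)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
    # Isolate chain trust from name matching (the post connects by IP).
    ctx.check_hostname = False
    try:
        # Fails here if a file is missing, is not PEM, or key and cert differ.
        ctx.load_verify_locations(cafile=paths["truststorepath"])
        ctx.load_cert_chain(certfile=paths["certpath"], keyfile=paths["keypath"])
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock) as tls:
                return True, "chain verified over " + tls.version()
    except OSError as exc:
        # ssl.SSLError subclasses OSError; an untrusted server certificate
        # surfaces here with CERTIFICATE_VERIFY_FAILED in the message.
        return False, "%s: %s" % (type(exc).__name__, exc)


if __name__ == "__main__":
    # Connection string copied from the post.
    conn = ("couchbases://172.17.0.1/MYBUCKET"
            "?certpath=/SSLCA/clientdir/client.pem"
            "&truststorepath=/SSLCA/clientdir/trust.pem"
            "&keypath=/SSLCA/clientdir/client.key")
    host, bucket, paths = parse_tls_options(conn)
    print(bucket, verify_server_chain(host, paths))
```

A False result mentioning CERTIFICATE_VERIFY_FAILED means the file passed as truststorepath does not contain the CA chain that signed the certificate the server presents.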