CouchDB
  1. CouchDB
  2. COUCHDB-1325

verify_ssl_certificates in local.ini's [ssl] section doesn't work?

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 1.2
    • Fix Version/s: 1.2
    • Component/s: None
    • Labels:
      None

      Description

      The shipped local.ini has this:
      [ssl]
      verify_ssl_certificates = false

      When I add a cert_file and a key_file, and enable https in [daemons], couchdb refuses to start:
      "Verify SSL certificate enabled but file containing PEM encoded CA certificates is missing".

      The funny thing is that CouchDB doesn't refuse to start when the "verify_ssl_certificates" line is commented out.

      1. couchdb-1325.patch
        0.7 kB
        Filipe Manana
      2. debug_run.log
        14 kB
        Rogutės Sparnuotos

        Activity

        Hide
        Rogutės Sparnuotos added a comment -

        Full log from the problematic run for general amusement (one can't stop being charmed by erlang's/couchdb's error reports).

        Show
        Rogutės Sparnuotos added a comment - Full log from the problematic run for general amusement (one can't stop being charmed by erlang's/couchdb's error reports).
        Hide
        Dave Cottlehuber added a comment -

        I believe that this is referring to the lack of a chain of validated certificates back to the root CA. I suggest you check http://www.rabbitmq.com/ssl.html#configure-erlang and see if you can export a suitable PEM cert file from one of the browsers, if your CA provider doesn't have one.

        Show
        Dave Cottlehuber added a comment - I believe that this is referring to the lack of a chain of validated certificates back to the root CA. I suggest you check http://www.rabbitmq.com/ssl.html#configure-erlang and see if you can export a suitable PEM cert file from one of the browsers, if your CA provider doesn't have one.
        Hide
        Filipe Manana added a comment -

        I had this same issue some time ago while making some tests with ssl enabled, didn't fixed it however. The change is trivial.

        Here's the patch.

        Show
        Filipe Manana added a comment - I had this same issue some time ago while making some tests with ssl enabled, didn't fixed it however. The change is trivial. Here's the patch.
        Hide
        Filipe Manana added a comment -

        Fix applied to master and branch 1.2.x

        Show
        Filipe Manana added a comment - Fix applied to master and branch 1.2.x

          People

          • Assignee:
            Unassigned
            Reporter:
            Rogutės Sparnuotos
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development