raulmartinezr opened a new issue #2966: URL: https://github.com/apache/couchdb/issues/2966
## Description

I try to configure client certificate authentication in the following scenario with CouchDB 3.1.0:

- "Server" -> CouchDB (single-node)
- "Client" -> CouchDB (single-node), where I configure bidirectional replication to and from the server CouchDB (push+pull)

But it's failing. Messages found in logs....

Client CouchDB instance (the side which manages replication):

```
TLS client: In state cipher received SERVER ALERT: Fatal - Unknown CA
```

Server CouchDB instance:

```
TLS server: In state certify received CLIENT ALERT: Fatal - Handshake Failure
```

## Steps to Reproduce

- Configure client and server CouchDB instances as described in environment
- Configure replication in client instance (bidirectional, push and pull)
- Replication fails

## Expected Behaviour

Replication should work. I tested connectivity with curl and openssl with the same setup, and both are working:

```bash
sudo curl --url https://192.168.1.66:6984/database/ \
  --key /opt/couchdb/etc/ssl/node-71.client.key.pem \
  --cert /opt/couchdb/etc/ssl/node-71.client.cert.pem \
  --cacert /opt/couchdb/etc/ssl/ca-chain.cert.pem --insecure
{"error":"unauthorized","reason":"You are not authorized to access this db."}
```

```bash
sudo openssl s_client -connect 192.168.1.66:6984 \
  -key /opt/couchdb/etc/ssl/node-71.client.key.pem \
  -cert /opt/couchdb/etc/ssl/node-71.client.cert.pem \
  -CAfile /opt/couchdb/etc/ssl/ca-chain.cert.pem
CONNECTED(00000005)
```

## Your Environment

Client:

```ini
[ssl]
enable = true
cert_file = /opt/couchdb/etc/ssl/node-71.server.cert.pem
key_file = /opt/couchdb/etc/ssl/node-71.server.key.pem
verify_ssl_certificates = true
fail_if_no_peer_cert = false
cacert_file = /opt/couchdb/etc/ssl/ca-chain.cert.pem

[replicator]
cert_file = /opt/couchdb/etc/ssl/node-71.client.cert.pem
key_file = /opt/couchdb/etc/ssl/node-71.client.key.pem
;# Avoid hostname check failed
verify_ssl_certificates = false
ssl_trusted_certificates_file = /opt/couchdb/etc/ssl/ca-chain.cert.pem
ssl_certificate_max_depth = 5
```

Server:

```ini
[ssl]
enable = true
cert_file = /opt/couchdb/etc/ssl/node-66.server.cert.pem
key_file = /opt/couchdb/etc/ssl/node-66.server.key.pem
verify_ssl_certificates = true
fail_if_no_peer_cert = true
cacert_file = /opt/couchdb/etc/ssl/ca-chain.cert.pem

[replicator]
cert_file = /opt/couchdb/etc/ssl/node-66.client.cert.pem
key_file = /opt/couchdb/etc/ssl/node-66.client.key.pem
verify_ssl_certificates = false
ssl_trusted_certificates_file = /opt/couchdb/etc/ssl/ca-chain.cert.pem
```

* CouchDB version used: 3.1.0
* Browser name and version:
* Operating system and version: Ubuntu 18.04
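An added, defender-side check that is not part of the issue or of CouchDB itself: a small Python lint over the posted `[ssl]`/`[replicator]` sections (embedded below as constructed sample text copied from the "Client" config above; `lint_tls_config` and `is_true` are names chosen here) flags the settings that weaken TLS authentication on each side of the replication, so that the functional workaround of `verify_ssl_certificates = false` in `[replicator]` is not mistaken for a verified connection.

```python
import configparser
from typing import List

# Constructed sample: the "Client" instance config quoted in the issue.
CLIENT_INI = """
[ssl]
enable = true
cert_file = /opt/couchdb/etc/ssl/node-71.server.cert.pem
key_file = /opt/couchdb/etc/ssl/node-71.server.key.pem
verify_ssl_certificates = true
fail_if_no_peer_cert = false
cacert_file = /opt/couchdb/etc/ssl/ca-chain.cert.pem

[replicator]
cert_file = /opt/couchdb/etc/ssl/node-71.client.cert.pem
key_file = /opt/couchdb/etc/ssl/node-71.client.key.pem
; avoid hostname check failure
verify_ssl_certificates = false
ssl_trusted_certificates_file = /opt/couchdb/etc/ssl/ca-chain.cert.pem
ssl_certificate_max_depth = 5
"""


def is_true(value: str) -> bool:
    return value.strip().lower() in ("true", "1", "yes", "on")


def lint_tls_config(ini_text: str) -> List[str]:
    """Findings for one node's inbound ([ssl]) and outbound ([replicator]) TLS."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    inbound = cfg["ssl"] if cfg.has_section("ssl") else {}
    outbound = cfg["replicator"] if cfg.has_section("replicator") else {}
    findings = []
    # Inbound: presented client certs are checked, but a peer presenting
    # none still completes the handshake and falls through to the normal
    # CouchDB auth handlers, so this is not mutual TLS.
    if is_true(inbound.get("verify_ssl_certificates", "false")) and \
            not is_true(inbound.get("fail_if_no_peer_cert", "false")):
        findings.append("[ssl] fail_if_no_peer_cert=false: client certificate is optional")
    # Outbound: with verification off the remote server's certificate is not
    # validated, so the trust file and max depth have no effect and the
    # replication peer is not authenticated.
    if not is_true(outbound.get("verify_ssl_certificates", "false")):
        findings.append("[replicator] verify_ssl_certificates=false: server certificate not validated")
        if outbound.get("ssl_trusted_certificates_file"):
            findings.append("[replicator] ssl_trusted_certificates_file set but unused while verification is off")
    # An outbound client certificate needs both halves of the key pair.
    if bool(outbound.get("cert_file")) != bool(outbound.get("key_file")):
        findings.append("[replicator] cert_file and key_file must be set together")
    return findings
```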