Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MB-51962: Add support for internal server cert
Map email addresses internal@internal.couchbase.com to a user named @internal. This user does not have access to any buckets, and no privileges. Its sole purpose is to allow the internal components to connect to memcached over TLS when the encryption mode is set to mandatory. They would then have to authenticate to memcached by using SASL.

Change-Id: Icd521f60c9ffc303bd1b45d7a23db7a6b29351d5
Reviewed-on: https://review.couchbase.org/c/kv_engine/+/174348
Tested-by: Trond Norbye <trond.norbye@couchbase.com>
Reviewed-by: Jim Walker <jim@couchbase.com>
Showing 8 changed files with 152 additions and 3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
subjectKeyIdentifier = hash | ||
authorityKeyIdentifier = keyid:always,issuer:always | ||
basicConstraints = CA:false | ||
extendedKeyUsage = clientAuth | ||
keyUsage = digitalSignature | ||
subjectAltName = @alt_names | ||
|
||
[ alt_names ] | ||
URI.1 = email:internal@internal.couchbase.com |
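Review bot: the last line declares the address as a URI-type SAN (`URI.1 = email:internal@internal.couchbase.com`) rather than as an email SAN, although the commit message describes this as an email address mapping. If the mapping is meant to match on the URI SAN with an `email:` prefix, add a comment above `[ alt_names ]` saying so, because the next person to touch this file is likely to "fix" it. Otherwise `email.1 = internal@internal.couchbase.com` would encode the value as an rfc822Name entry. Restricting the certificate with `extendedKeyUsage = clientAuth` and `basicConstraints = CA:false` looks right for a client-only identity.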
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
[req] | ||
default_bits = 2048 | ||
prompt = no | ||
default_md = sha256 | ||
encrypt_key = no | ||
distinguished_name = dn | ||
|
||
[ dn ] | ||
C=NO | ||
O=Couchbase Inc | ||
OU=kv engine | ||
CN=internal system user |
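Review bot: `encrypt_key = no` in `[req]` means the private key generated from this config is written to disk without a passphrase. Since the matching certificate is what lets a client present itself as the internal user, the file should carry a comment stating where the key is expected to live and who may read it. A one-line comment naming the extension file this request is signed with would also help, as nothing in either file links the two.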