CBG-738: Support use of cacert without certpath/keypath for DCP bootstrap #4538
During DCP setup, SG/cbdatasource makes an initial bucket connection, then opens the DCP streams. The initial bucket connection only specifies the cacert if an x.509 cert is also specified (certpath/keypath). If a certpath isn't specified, the cacert isn't provided, and InsecureSkipVerify is set to true. However, the subsequent 'open stream' requests use the cacert and set InsecureSkipVerify=false, even if certpath/keypath isn't specified. The initial bootstrap should be fixed to use the same approach, and the change needs to be applied in the three places below:
- While creating CBGT index definitions for the specified buckets
  - createCBGTIndex: https://github.com/couchbase/sync_gateway/blob/master/base/dcp_sharded.go#L129
- While starting the DCP feed
  - StartDCPFeed: https://github.com/couchbase/sync_gateway/blob/master/base/dcp_receiver.go#L285
  - StartCbgtCbdatasourceFeed: https://github.com/couchbase/sync_gateway/blob/master/base/dcp_dest.go#L446
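
The behaviour described above, sketched as an added example that is not code from this pull request or from Sync Gateway: a TLS config for the bootstrap connection in which the cacert is applied whether or not a client cert/key pair is configured. `bootstrapTLSConfig` and `constructedCA` are hypothetical names, and keeping `InsecureSkipVerify` set when no cacert is given is an assumption based on the fallback the description mentions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// bootstrapTLSConfig (hypothetical) applies the CA whenever one is supplied, client cert or not.
func bootstrapTLSConfig(caPEM, certPEM, keyPEM []byte) (*tls.Config, error) {
	cfg := &tls.Config{InsecureSkipVerify: len(caPEM) == 0} // assumption: unverified only without a cacert
	if len(caPEM) > 0 {
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(caPEM) {
			return nil, fmt.Errorf("cacert contains no usable PEM certificate")
		}
		cfg.RootCAs = pool // server certificate is verified against this CA
	}
	if len(certPEM) > 0 || len(keyPEM) > 0 {
		pair, err := tls.X509KeyPair(certPEM, keyPEM)
		if err != nil {
			return nil, fmt.Errorf("client cert/key: %w", err)
		}
		cfg.Certificates = []tls.Certificate{pair} // x.509 client auth is optional
	}
	return cfg, nil
}

// constructedCA returns a throwaway self-signed CA as PEM (constructed sample input).
func constructedCA() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	cfg, err := bootstrapTLSConfig(constructedCA(), nil, nil)
	fmt.Println(err == nil && cfg.RootCAs != nil && !cfg.InsecureSkipVerify)
}
```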