mobile-couchbase https security ?

Rodney Degracia

Jan 11, 2012, 2:14:27 PM
to mobile-c...@googlegroups.com

I had downloaded the latest mobile-couchdb 2.0 and also the latest grocery demo app for iOS. I also signed up for a free CouchDB account with Cloudant.

I installed mobile-couchdb as specified by the instructions and then used the following URL to connect to my database (but got replication errors): https://name:pass...@mysite.cloudant.com/grocerydb


When I replace https with http, the replication works correctly.


I am disappointed that https does not appear to work out of the box and I am not sure if the lack of https support is specific to mobile-couchdb or couchcocoa or specific to Cloudant.

I think it is insane to send passwords in the clear using http, especially if that password allows direct access to a distributed/replicated shared store such as couchdb.


Does anyone have any insight or workarounds? Does someone know why https would not be supported?


Rodney Degracia
rdeg...@gmail.com

Jens Alfke

Jan 11, 2012, 5:17:40 PM
to mobile-c...@googlegroups.com

On Jan 11, 2012, at 11:14 AM, Rodney Degracia wrote:

> I installed mobile-couchdb as specified by the instructions and then used the following URL to connect to my database (but got replication errors): https://name:pass...@mysite.cloudant.com/grocerydb
> When I replace https with http, the replication works correctly.
> I am disappointed that https does not appear to work out of the box and I am not sure if the lack of https support is specific to mobile-couchdb or couchcocoa or specific to Cloudant.

It’s an issue with Couchbase Mobile, specifically with SSL certificate validation. Erlang has its own SSL implementation, and on iOS there wasn’t a feasible way to tie it into the OS’s database of trusted root certs. So if you want to make SSL connections, you’ll need to get a copy of the necessary root certs, put them in a “CouchbaseTrustedCerts.pem” file, and build that file into your app so it ends up in the app bundle where Couchbase can find it. (If you want to see an example, the “Empty App” target in the Couchbase Mobile project does this.)

Sorry that this is kind of a pain, but the only alternative seemed to be to rip out the Erlang SSL implementation and write a new one that bridged to the iOS SecureTransport framework; and that appeared to be very difficult so we didn’t go down that path.

—Jens
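
A structural lint for the "CouchbaseTrustedCerts.pem" file described in the reply above, as an added example that is not part of the original thread or of Couchbase Mobile's code. It checks PEM/DER framing only (no signature or chain validation); `lint_bundle` and `der_length_ok` are hypothetical names, and the sample blocks are constructed placeholder bytes, not real certificates.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_length_ok(der: bytes) -> bool:
    """True if der is a single ASN.1 SEQUENCE whose declared length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def lint_bundle(pem_text: str):
    """Return (usable_certificate_count, problems) for a PEM trust bundle."""
    certs, problems = 0, []
    for i, m in enumerate(PEM_BLOCK.finditer(pem_text), 1):
        label, body = m.group(1), m.group(2)
        if "PRIVATE KEY" in label:
            problems.append(f"block {i}: private key must not ship in a trust bundle")
        elif label != "CERTIFICATE":
            problems.append(f"block {i}: unexpected PEM type {label!r}")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:             # binascii.Error is a ValueError
                der = b""
            if der_length_ok(der):
                certs += 1
            else:
                problems.append(f"block {i}: invalid base64 or truncated/malformed DER")
    if certs == 0:
        problems.append("bundle contains no usable certificates")
    return certs, problems

def _pem(label: str, der: bytes) -> str:
    """Wrap bytes in PEM armor (used only to build the constructed sample)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed placeholder bytes with a valid DER envelope, not real certificates.
GOOD = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE = _pem("CERTIFICATE", GOOD) + _pem("CERTIFICATE", GOOD[:100]) + _pem("RSA PRIVATE KEY", GOOD)

if __name__ == "__main__":
    print(lint_bundle(SAMPLE))
```

Running a check like this at build time catches a truncated copy-paste or a key file dropped into the bundle before the app ships.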