Skip to content

[Bug] tlsTrustCertsFilePath does not work for OAuth2 authentication #363

New issue
New issue
Closed
#364
Closed
[Bug] tlsTrustCertsFilePath does not work for OAuth2 authentication#363
#364
@BewareMyPower

Description

@BewareMyPower
BewareMyPower
opened on Dec 5, 2023

Search before asking

  • I searched in the issues and found nothing similar.

Version

OS: macOS m1
Client: https://archive.apache.org/dist/pulsar/pulsar-client-cpp-3.4.1/

Minimal reproduce step

The same reproduce steps with #184

What did you expect to see?

What did you see instead?

Even if setTlsTrustCertsFilePath is configured, the OAuth2 authentication will still fail.

2023-12-05 15:30:28.066 ERROR [0x16d9c7000] AuthOauth2:390 | Response failed for issuerurl <...>. ErrorCode 60: SSL certificate problem: unable to get local issuer certificate passedin:

Anything else?

It's a regression brought by #313, the tlsTrustCertsFilePath config didn't work for OAuth2.

pulsar-client-cpp/lib/auth/AuthOauth2.cc

Line 346 in 63d494f

curl.get(tokenEndPoint_, "Content-Type: application/x-www-form-urlencoded", options, nullptr);

The last argument is nullptr, i.e. CurlWrapper does not load any CA certs for AuthOauth2::authenticate.

While you can see it's applied in

pulsar-client-cpp/lib/auth/AuthOauth2.cc

Lines 232 to 237 in 63d494f

if (!tlsTrustCertsFilePath_.empty()) {
tlsContext.reset(new CurlWrapper::TlsContext);
tlsContext->trustCertsFilePath = tlsTrustCertsFilePath_;
}
auto result = curl.get(wellKnownUrl, "Accept: application/json", {}, tlsContext.get());

Are you willing to submit a PR?

  • I'm willing to submit a PR!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions