EventStore / EventStore-Client-Dotnet

Dotnet Client SDK for the Event Store gRPC Client API written in C#

Confusing Error when using untrusted private CA #235

Open ylorph opened 1 year ago

ylorph commented 1 year ago

Describe the bug

The error message is confusing when the private CA is not trusted and using discovery or gossip seed with a connection like esdb+discover://[SomeDomain]:2113 or esdb://[node1]:2113,[node2]:2113,[node3]:2113. It says "Failed to discover candidate in 10 attempts." while actually the certificate chain is not trusted.

To Reproduce

Steps to reproduce the behavior:

  1. Create a 3-node cluster with a private CA
  2. Do NOT trust the root CA
  3. Append / read an event with the C# client

Expected behavior

An error message telling that the problem is that the certificate presented by the node is not trusted, and that either the root CA should be added to the trusted store certificates or tlsVerifyCert=false added to the connection string.

Actual behavior

Error message is

    Unhandled exception. EventStore.Client.DiscoveryException: Failed to discover candidate in 10 attempts.
       at EventStore.Client.GossipChannelSelector.DiscoverAsync(CancellationToken cancellationToken)
       at EventStore.Client.GossipChannelSelector.SelectChannelAsync(CancellationToken cancellationToken)

That error is confusing, as the first reason that would pop into one's mind is that the discovery failed due to some network problem or the cluster being down.

Config/Logs/Screenshots

EventStore details

Additional context

The error goes away when using esdb+discover://[SomeDomain]:2113?tlsVerifyCert=false, but I wouldn't recommend that in a production scenario. The client should be explicit about the problem to help diagnose and eventually give tips on how to solve it.

I guess this would be true for any root or certificate in the chain that would not be trusted.
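
Until the client reports the cause itself, a direct TLS probe of one node separates the two failure modes the issue describes (node unreachable versus certificate chain not trusted). This is an added example, not part of the original issue or of EventStore.Client; `TlsTrustProbe` is a hypothetical helper, and it assumes the node serves TLS on the port used in the connection string.

```csharp
// Added example (hypothetical helper, not part of EventStore.Client).
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class TlsTrustProbe
{
    static int Main(string[] args)
    {
        if (args.Length != 2 || !int.TryParse(args[1], out var port))
        {
            Console.Error.WriteLine("usage: TlsTrustProbe <host> <port>");
            return 64;
        }
        var report = new StringBuilder();
        try
        {
            // Throws SocketException on DNS or connection failure (a real network problem).
            using var tcp = new TcpClient(args[0], port);
            using var ssl = new SslStream(tcp.GetStream(), false, (sender, cert, chain, errors) =>
            {
                if (errors == SslPolicyErrors.None) return true;
                report.AppendLine($"policy errors: {errors}");
                if (chain != null)
                    foreach (X509ChainElement el in chain.ChainElements)
                        foreach (X509ChainStatus st in el.ChainElementStatus)
                            report.AppendLine($"  {el.Certificate.Subject}: {st.Status}");
                return false; // never accept an untrusted chain, only record why it failed
            });
            ssl.AuthenticateAsClient(args[0]); // validates against this machine's trust store
            Console.WriteLine("TLS OK: chain is trusted by this machine's certificate store.");
            return 0;
        }
        catch (SocketException e)
        {
            Console.WriteLine($"Network problem (node unreachable): {e.SocketErrorCode}");
            return 1;
        }
        catch (AuthenticationException)
        {
            Console.WriteLine("Node reachable, but its certificate failed validation:");
            Console.Write(report.ToString());
            return 2;
        }
    }
}
```

Exit code 2 with a chain status listed against the CA certificate points at the trust store rather than the network, which is the case where adding the private root CA to the trusted store is the fix.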