search

EventStore / EventStore

EventStoreDB, the event-native database. Designed for Event Sourcing, Event-Driven, and Microservices architectures
https://eventstore.com
Other
5.32k stars 643 forks source link

The client library ignores UseSslConnection=false when discovering servers (discover://) #2666

Closed Thiez closed 4 years ago

Thiez commented 4 years ago

Describe the bug The 20.6.0 version of the EventStore.Client library will attempt to access the /gossip endpoint on eventstores over SSL even when the connectionstring explicitly disables SSL. This bug is new in 20.6.0 and not present in 5.0.9.

To Reproduce

  1. Create an eventstore connection using the following connectionstring: "ConnectTo=discover://<address>; UseSslConnection=false"
  2. Call `ConnectAsync()

Expected behavior The library should access the /gossip endpoint over an unencrypted connection, find an instance to connect to.

Actual behavior The library fails to discover anything because it attempts to use SSL and the server does not expect it.

EventStore details

Additional context A direct connection (using "ConnectTo=tcp://<address>;UseSslConnection=false") works as expected. In addition, when adding the address in code using SetGossipSeedEndPoints it is possible to pass falseas the seedOverTls property, then it also works. But I couldn't find a way to get this to work with a connectionstring.

alexeyzimarev commented 4 years ago

I can't find the 20.0.9 EventStore.Client anywhere, is that the correct version you mentioned?

EventStoreDB 20.6 only runs in secure mode and whilst you can disable TLS for TCP, the gossip protocol only uses HTTP(S). So, 20.6.0 cannot gossip on plain HTTP, it requires HTTPS. That's why the single-node connection works since it doesn't need to gossip.

There's some updated documentation about the gossip and how it works in the new docs.

The first version of both server and client that will support running without HTTPS is 20.6.1.

alexeyzimarev commented 4 years ago

@Thiez do you need to follow up on this issue?

Thiez commented 4 years ago

I see I got the version incorrect in my bug description, it was 20.6. For now we will roll back to 5.0.9 of the client library, and keep running the old server (v5.0.8). This bug will make it more difficult to us to eventually update, since the client and server will have to be upgraded all at once. But it's not a high priority for now :)

alexeyzimarev commented 4 years ago

It is not a bug, as I mentioned previously, 20.6.0 only supports HTTPS. With 20.6.1 you can run ESDB node or cluster in insecure mode. Also, v5 client is compatible with both 20.6 and 20.6.1 over TCP but for 20.6 it must use HTTPS for gossip.

Thiez commented 4 years ago

I guess I'll close this then.