dotnet / SqlClient

Microsoft.Data.SqlClient provides database connectivity to SQL Server for .NET applications.
MIT License

Error messages are not meaningful when target SQL server doesn't support 'Strict' encryption mode #1905

Open cheenamalhotra opened 1 year ago

cheenamalhotra commented 1 year ago

Describe the bug

When 'Strict' encryption is requested, error messages don't provide useful information about what went wrong.

  1. When connecting to a SQL Server 2019 instance that doesn't support 'Encrypt=Strict'

    Microsoft.Data.SqlClient.SqlException (0x80131904): The client was unable to establish a connection because of an error during connection initialization process before login. 
    Possible causes include the following:  the client tried to connect to an unsupported version of SQL Server; the server was too busy to accept new connections; or there was a resource limitation (insufficient memory or maximum allowed connections) on the server. 
    (provider: SSL Provider, error: 0 - The wait operation timed out.)
    ---> System.ComponentModel.Win32Exception (258): The wait operation timed out.
    at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
    at Microsoft.Data.SqlClient.TdsParser.EnableSsl(UInt32 info, SqlConnectionEncryptOption encrypt, Boolean integratedSecurity)
    at Microsoft.Data.SqlClient.TdsParser.SendPreLoginHandshake(Byte[] instanceName, SqlConnectionEncryptOption encrypt, Boolean integratedSecurity)
    at Microsoft.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnectionString connectionOptions, Boolean withFailover)
    ...
    Error Number:258,State:0,Class:20

  2. When connecting to a SQL Server 2022 instance that is not configured with a TLS certificate, but 'Strict' encryption is requested.

    Microsoft.Data.SqlClient.SqlException (0x80131904): The client was unable to establish a connection because of an error during connection initialization process before login. 
    Possible causes include the following:  the client tried to connect to an unsupported version of SQL Server; the server was too busy to accept new connections; or there was a resource limitation (insufficient memory or maximum allowed connections) on the server. 
    (provider: SSL Provider, error: 0 - No process is on the other end of the pipe.)
    ---> System.ComponentModel.Win32Exception (233): No process is on the other end of the pipe.
    at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
    at Microsoft.Data.SqlClient.TdsParserStateObject.SNIWritePacket(PacketHandle packet, UInt32& sniError, Boolean canAccumulate, Boolean callerHasConnectionLock, Boolean asyncClose)
    at Microsoft.Data.SqlClient.TdsParserStateObject.WriteSni(Boolean canAccumulate)
    at Microsoft.Data.SqlClient.TdsParserStateObject.WritePacket(Byte flushMode, Boolean canAccumulate)
    at Microsoft.Data.SqlClient.TdsParser.SendPreLoginHandshake(Byte[] instanceName, SqlConnectionEncryptOption encrypt, Boolean integratedSecurity)
    at Microsoft.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnectionString connectionOptions, Boolean withFailover)
    ...
    Error Number:233,State:0,Class:20

Expected behavior

Throw an appropriate error message - as it can be identified from connection properties that user requested 'Strict' encryption and an SSL provider related error has occurred.

Further technical details

Microsoft.Data.SqlClient version: 5.0.1
.NET target: .NET 6
SQL Server version: SQL 2019, 2022
Operating system: Windows 11 (Native SNI)

Additional Context

I haven't tested Managed SNI yet, but that should be fixed to provide correct error messages too.

lcheunglci commented 1 year ago

Hi @cheenamalhotra, I agree, we should have more meaningful exceptions for TDS8 due to the unsupported encryption type for Strict mode on versions prior to SQL Server 2022 as well as the misconfiguration of the certificate, as it was also something I noticed when writing the tests in https://github.com/dotnet/SqlClient/pull/1891, but I'll bring it up to the team and discuss if it's something that we can add in a hotfix in Native SNI or catch in MDS to rethrow a meaningful exception. I'll get back to you soon.
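
An application-side way to surface the two failures reported in this issue, added here as an example (it is not code from the thread or from Microsoft.Data.SqlClient). The class and method names are hypothetical, and the mapping of error numbers 258 and 233 to a likely cause is a heuristic taken only from the two cases described above.

```csharp
using System;
using Microsoft.Data.SqlClient;

// Hypothetical helper, not part of Microsoft.Data.SqlClient.
public static class StrictEncryptionDiagnostics
{
    // Win32 codes from the two traces in the issue.
    private const int WaitTimeout = 258;      // "The wait operation timed out."
    private const int NoProcessOnPipe = 233;  // "No process is on the other end of the pipe."

    public static SqlConnection OpenWithStrictDiagnostics(string connectionString)
    {
        var builder = new SqlConnectionStringBuilder(connectionString);
        var connection = new SqlConnection(connectionString);
        try
        {
            connection.Open();
            return connection;
        }
        catch (SqlException ex) when (IsLikelyStrictHandshakeFailure(builder, ex))
        {
            connection.Dispose();
            // Keep the original exception as InnerException so no detail is lost.
            throw new InvalidOperationException(Describe(builder, ex), ex);
        }
        catch
        {
            connection.Dispose();
            throw;
        }
    }

    // True only when Strict was requested AND the failure came from the SSL provider
    // with one of the two pre-login error numbers reported in the issue.
    public static bool IsLikelyStrictHandshakeFailure(SqlConnectionStringBuilder builder, SqlException ex)
    {
        bool strictRequested = SqlConnectionEncryptOption.Strict.Equals(builder.Encrypt);
        bool sslProvider = ex.Message.Contains("SSL Provider", StringComparison.OrdinalIgnoreCase);
        return strictRequested && sslProvider && (ex.Number == WaitTimeout || ex.Number == NoProcessOnPipe);
    }

    private static string Describe(SqlConnectionStringBuilder builder, SqlException ex)
    {
        string hint = ex.Number == WaitTimeout
            ? "the server may not support Encrypt=Strict (reported with SQL Server 2019)"
            : "the server may have no TLS certificate configured (reported with SQL Server 2022)";
        return $"Pre-login TLS handshake to '{builder.DataSource}' failed with Encrypt=Strict (error {ex.Number}): {hint}.";
    }
}
```

Both error numbers are generic Win32 codes, so the filter also requires that Strict was requested and that the message names the SSL provider before it rewrites anything.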