Issue with deploying

[JacobwBruce]

Hi,

I love this crate, I am however, running into an issue when I deploy a server using it. I have the following code from the example code:

let client = SnowflakeClient::new(
    "USERNAME",
    SnowflakeAuthMethod::Password("PASSWORD".to_string()),
    SnowflakeClientConfig {
        account: "ACCOUNT".to_string(),
        role: Some("ROLE".to_string()),
        warehouse: Some("WAREHOUSE".to_string()),
        database: Some("DATABASE".to_string()),
        schema: Some("SCHEMA".to_string()),
    },
)?;

let session = client.create_session().await?;

I am of course replacing it with my connection details, and I am able to make a connection and query snowflake when I am running the server locally, but when I deploy to Render.com (I have also deployed elsewhere but I have the same issue), I get the following error from the last line of the example code:

Error: Reqwest(reqwest::Error { kind: Request, url: Url { scheme: "https", cannot_be_a_base: false, 
username: "", password: None,host: Some(Domain("*****")), 
port: None, path: "/session/v1/login-request", query:
Some("warehouse=****&databaseName=****&schemaName=****&roleName=****"),
fragment: None }, source: hyper::Error(Connect, 
Ssl(Error { code: ErrorCode(1), cause: Some(Ssl(ErrorStack([Error 
{ code: 337047686, library: "SSL routines", function: "tls_process_server_certificate", 
reason: "certificate verify failed", file: "../ssl/statem/statem_clnt.c", line: 1916 }]))) }, 
X509VerifyResult { code: 62, error: "Hostname mismatch" })) })

Please note: I am replacing any sensitive information in the error message with ****

Any help would be appreciated, thank you.

[kenkoooo]

Thank you for reporting this issue. It appears that the error originated from the HTTP client and is related to SSL. Since it currently relies on native TLS, it requires OpenSSL to be installed. Have you placed your executable into a slim Docker image, such as Alpine, and pushed it to Render? I guess some necessary libraries may not be installed in your image.

[JacobwBruce]

Hello, thank you for the response. I have deployed using a docker image and using cargo but the issue persisted. I'll paste my Dockerfile below for reference.

FROM lukemathwalker/cargo-chef:latest-rust-1.72.0 AS chef
WORKDIR /app

FROM chef AS planner
COPY . .
RUN cargo chef prepare --recipe-path recipe.json

FROM chef AS builder
COPY --from=planner /app/recipe.json recipe.json
RUN cargo chef cook --recipe-path recipe.json

COPY . .
RUN cargo build --release

FROM rust:1.72-slim AS template-rust
COPY --from=builder /app/target/release/vic-snowflake /usr/local/bin
ENTRYPOINT ["/usr/local/bin/vic-snowflake"]

[kenkoooo]

I understand. The -slim image doesn't include libssl-dev and pkg-config, which are necessary for using native TLS. You can resolve this issue by running apt install libssl-dev pkg-config, but I strongly recommend using a different image that's built with these libraries.

For example, gcr.io/distroless/cc-debian12 includes all the necessary libraries, but it's still small.

[JacobwBruce]

Appreciate the help, unfortunately that didn't work either, still getting the same error. I'm on a time crutch for my work so I'm going to try using Snowflakes REST API instead for the time being, and maybe come back to this when I have the time. If I figure out a solution I'll be sure to drop it here 👍

[kenkoooo]

I'll close this issue. Please feel free to reopen it whenever you'd like to discuss it further.

[bobdemp]

Hi

I experienced the same problem. My fix was to change the reqwest ClientBuilder to use_rustls_tls()

let client = ClientBuilder::new().use_rustls_tls().gzip(true).build()?;

You need to enable it in the features

reqwest = { version = "0.11", features = ["json", "gzip", "rustls-tls"] }

[kenkoooo]

Thank you for finding the solution. I will implement it in #40.