Uploaded image for project: 'Java Couchbase JVM Core'
  1. Java Couchbase JVM Core
  2. JVMCBC-1074

Better error message when connecting to Capella without TLS

    XMLWordPrintable

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.3.0
    • None
    • None
    • 1
    • SDK12: 4.0 p1 + Quality, SDK14: 4.0 p2 + Capella Cert

    Description

      Suggested release note:

      If you try to connect to Capella without enabling TLS, now you'll get an exception that says TLS is required (instead of an UnknownHostException, which was downright confusing).

      When connecting to Capella without TLS, the SDK reports UnknownHostException, which is misleading.

      To reproduce the issue, use the address of a Capella cluster without enabling TLS. Instead of a helpful error message, you'll see something like:

      [com.couchbase.endpoint][EndpointConnectionFailedEvent][1024us] Connect attempt 4 failed because of UnknownHostException: example.cloud.couchbase.com {"circuitBreaker":"DISABLED","coreId":"0xf3f7b83e00000001","remote":"example.cloud.couchbase.com:8091","type":"MANAGER"}
      

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          david.nault David Nault added a comment -

          Potential fix:

          Whenever we do a DNS SRV lookup and the user has not enabled TLS, look up both the secure and insecure addresses in parallel. If there are secure addresses but no insecure addresses, throw an exception indicating TLS is required.

          If this new behavior causes problems (due to a bogus secure entry?), a user can disable DNS SRV.

          david.nault David Nault added a comment - Potential fix: Whenever we do a DNS SRV lookup and the user has not enabled TLS, look up both the secure and insecure addresses in parallel. If there are secure addresses but no insecure addresses, throw an exception indicating TLS is required. If this new behavior causes problems (due to a bogus secure entry?), a user can disable DNS SRV.

          Shepherding myself since David is on well earned OOO.

          daschl Michael Nitschinger added a comment - Shepherding myself since David is on well earned OOO.

          People

            daschl Michael Nitschinger
            michael.reiche Michael Reiche
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty