Description
Describe the bug
The error message is confusing when the private CA is not trusted and discovery or a gossip seed is used,
with a connection like esdb+discover://[SomeDomain]:2113
or esdb://[node1]:2113,[node2]:2113,[node3]:2113
It says "Failed to discover candidate in 10 attempts."
while actually the certificate chain is not trusted.
To Reproduce
Steps to reproduce the behavior:
- Create a 3 node cluster with a private CA
- Do NOT trust the root CA
- Append / read an event with the C# client
Expected behavior
- An error message telling that the problem is that the certificate presented by the node is not trusted,
and that either the root CA should be added to the trusted store certificates or tlsVerifyCert=false
added to the connection string
- Some details about the problematic certificate
Actual behavior
The error message is:
Unhandled exception. EventStore.Client.DiscoveryException: Failed to discover candidate in 10 attempts.
at EventStore.Client.GossipChannelSelector.DiscoverAsync(CancellationToken cancellationToken)
at EventStore.Client.GossipChannelSelector.SelectChannelAsync(CancellationToken cancellationToken)
That error is confusing, as the first reason that would pop into one's mind is that the discovery failed due to some network problem or the cluster being down.
Config/Logs/Screenshots
EventStore details
- EventStore server version: 22.10.0
- Operating system: WIN 111
- EventStore client version (if applicable): 22.0.0
Additional context
The error goes away when using esdb+discover://[SomeDomain]:2113?tlsVerifyCert=false
but I wouldn't recommend that in a production scenario.
The client should be explicit about the problem to help diagnose and eventually give tips on how to solve it.
I guess this would be true for any root or certificate in the chain that would not be trusted.
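
A way to confirm the diagnosis described in this report, as an added example that is not part of the original issue or of the EventStore client: a small C# probe that opens a TLS connection to each gossip seed and prints the certificate and chain status, so an untrusted chain can be told apart from a real network failure. The class name `TlsTrustProbe` and the `host:port` command-line arguments are assumptions of this example.

```csharp
// Added diagnostic example; not EventStore client code.
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

static class TlsTrustProbe
{
    // Returns true when the node's chain validates against the local trust store.
    public static bool Probe(string host, int port)
    {
        bool trusted = false;
        using var tcp = new TcpClient(host, port);   // throws on a real network problem
        using var ssl = new SslStream(tcp.GetStream(), false,
            (sender, cert, chain, errors) =>
            {
                trusted = errors == SslPolicyErrors.None;
                Console.WriteLine($"{host}:{port} policy errors: {errors}");
                if (cert != null)
                    Console.WriteLine($"  subject: {cert.Subject}\n  issuer:  {cert.Issuer}");
                if (chain != null)
                    foreach (X509ChainStatus s in chain.ChainStatus)
                        Console.WriteLine($"  chain: {s.Status}: {s.StatusInformation.Trim()}");
                // Accept only so the handshake finishes and the result can be
                // reported; the probe sends no application data afterwards.
                return true;
            });
        ssl.AuthenticateAsClient(host);
        return trusted;
    }

    static int Main(string[] args)
    {
        // args: one host:port per gossip seed (values supplied by the operator)
        int failures = 0;
        foreach (var seed in args)
        {
            var parts = seed.Split(':');
            try { if (!Probe(parts[0], int.Parse(parts[1]))) failures++; }
            catch (Exception ex)
            {
                failures++;
                Console.WriteLine($"{seed} unreachable or handshake failed: {ex.Message}");
            }
        }
        return failures == 0 ? 0 : 1;
    }
}
```

A node whose private root CA is missing from the trust store reports `RemoteCertificateChainErrors` with an `UntrustedRoot` chain status, while a node that is down raises a socket exception instead.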