TLS errors unclear response by neofs-cli
#2561
Assignees
Labels
Milestone
Comments
carpawell
added
bug
|
@carpawell were you able to verify/refute any of the hypotheses? |
cthulhu-rider
added a commit
to nspcc-dev/neofs-api-go
that referenced
this issue
Feb 28, 2024
Inspired by nspcc-dev/neofs-node#2561. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-api-go
that referenced
this issue
Feb 28, 2024
Since 2b89b7e, RPC client used `grpc.WithBlock` option to dial the server. This option make dialer to return either `nil` or `context.DeadlineExceeded` errors, with any connection error resulting in the latter. In particular, TLS handshake failures were shadowed by deadline error. Now `WithReturnConnectionError` option is used instead: * it still blocks similar to `WithBlock`; * it adds connection failure to the deadline error. As a result, TLS unit test passes now. This should fix the problem originally posted in nspcc-dev/neofs-node#2561. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Feb 28, 2024
Fix came from nspcc-dev/neofs-api-go#445 for the problem described in nspcc-dev/neofs-node#2561. Фlso now any irreparable errors like invalid address will be returned immediately, not upon reaching the deadline. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Feb 28, 2024
Fix came from nspcc-dev/neofs-api-go#445 for the problem described in nspcc-dev/neofs-node#2561. Фlso now any irreparable errors (like invalid net address or TLS handshake) will be returned immediately, not upon reaching the deadline. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
that referenced
this issue
Feb 28, 2024
This pulls NeoFS SDK version containing fix of the NeoFS API client dial failures nspcc-dev/neofs-sdk-go#561. Previously, any connection errors, including TLS, resulted in waiting for a deadline and returning `context.DeadlineExceeded`. This did not make it possible to distinguish them from timeouts and identify the root cause. In addition, irreparable errors such as an incorrect network address or connection refusal were also reduced to `context.DeadlineExceeded`, even if they were received quickly. This behavior has also been fixed. Fixes #2561. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-api-go
that referenced
this issue
Feb 28, 2024
Inspired by nspcc-dev/neofs-node#2561. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-api-go
that referenced
this issue
Feb 28, 2024
Since 2b89b7e, RPC client used `grpc.WithBlock` option to dial the server. This option make dialer to return either `nil` or `context.DeadlineExceeded` errors, with any connection error resulting in the latter. In particular, TLS handshake failures were shadowed by deadline error. Now `WithReturnConnectionError` option is used instead: * it still blocks similar to `WithBlock`; * it adds connection failure to the deadline error. As a result, TLS unit test passes now. This should fix the problem originally posted in nspcc-dev/neofs-node#2561. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-api-go
that referenced
this issue
Feb 28, 2024
Inspired by nspcc-dev/neofs-node#2561. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-api-go
that referenced
this issue
Feb 28, 2024
Since 2b89b7e, RPC client used `grpc.WithBlock` option to dial the server. This option make dialer to return either `nil` or `context.DeadlineExceeded` errors, with any connection error resulting in the latter. In particular, TLS handshake failures were shadowed by deadline error. Now `WithReturnConnectionError` option is used instead: * it still blocks similar to `WithBlock`; * it adds connection failure to the deadline error. As a result, TLS unit test passes now. This should fix the problem originally posted in nspcc-dev/neofs-node#2561. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-api-go
that referenced
this issue
Feb 28, 2024
Inspired by nspcc-dev/neofs-node#2561. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-api-go
that referenced
this issue
Feb 28, 2024
Since 2b89b7e, RPC client used `grpc.WithBlock` option to dial the server. This option make dialer to return either `nil` or `context.DeadlineExceeded` errors, with any connection error resulting in the latter. In particular, TLS handshake failures were shadowed by deadline error. Now `WithReturnConnectionError` option is used instead: * it still blocks similar to `WithBlock`; * it adds connection failure to the deadline error. As a result, TLS unit test passes now. This should fix the problem originally posted in nspcc-dev/neofs-node#2561. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Feb 28, 2024
Fix came from nspcc-dev/neofs-api-go#445 for the problem described in nspcc-dev/neofs-node#2561. Фlso now any irreparable errors (like invalid net address or TLS handshake) will be returned immediately, not upon reaching the deadline. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
to nspcc-dev/neofs-sdk-go
that referenced
this issue
Feb 28, 2024
Fix came from nspcc-dev/neofs-api-go#445 for the problem described in nspcc-dev/neofs-node#2561. Also now any irreparable errors (like invalid net address or TLS handshake) will be returned immediately, not upon reaching the deadline. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
that referenced
this issue
Feb 29, 2024
This pulls NeoFS SDK version containing fix of the NeoFS API client dial failures nspcc-dev/neofs-sdk-go#561. Previously, any connection errors, including TLS, resulted in waiting for a deadline and returning `context.DeadlineExceeded`. This did not make it possible to distinguish them from timeouts and identify the root cause. In addition, irreparable errors such as an incorrect network address or connection refusal were also reduced to `context.DeadlineExceeded`, even if they were received quickly. This behavior has also been fixed. Fixes #2561. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
cthulhu-rider
added a commit
that referenced
this issue
Mar 4, 2024
This pulls NeoFS API Go version containing fix of the NeoFS API client dial failures nspcc-dev/neofs-sdk-go#561. Previously, any connection errors, including TLS, resulted in waiting for a deadline and returning `context.DeadlineExceeded`. This did not make it possible to distinguish them from timeouts and identify the root cause. In addition, irreparable errors such as an incorrect network address or connection refusal were also reduced to `context.DeadlineExceeded`, even if they were received quickly. This behavior has also been fixed. Fixes #2561. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
v0.32.0:Immediate response, understandable error.
Current Behavior
v0.33.0+:15 seconds timeout. Error... well, could be better.
Possible Solution
gois broken?neofs-cliis broken?Steps to Reproduce (for bugs)
Get the provided CLI versions from the GH release pages, use testnet endpoints, pretend to be an idiot and use a secure (
grpcs"protocol") client for an insecure endpoint.Context
Extremely annoying bug while you try to find out what is wrong with your certs: nspcc-dev/neofs-dev-env#287.
Regression
v0.33.0CLI release.Your Environment
Does not work locally and on GH workers (ubuntu if it means something).
The text was updated successfully, but these errors were encountered: