ValidateCertificates=false no longer works in V3.2.0 or V3.2.1, however it works in V3.1.3

Open angusmillar opened this issue 1 year ago • 2 comments

Hi Guys, excellent library and super useful for us.

We are running V3.1.3 of Steeltoe.Extensions.Configuration.ConfigServerCore, without issue.

However, as soon as we upgrade to V3.2.0 or even the latest V3.2.1, we encounter the following application exception (see below) on startup.

It appears the library is attempting to validate our config server's certificate even though we explicitly have configured it not to, by using the ValidateCertificates=false Steeltoe configuration property.

Here is our appsettings.json section with this config.

{
  "spring": {
    "application": {
      "name": "Sonic.Orders.HL7.InboundOrderService"
    },
    "cloud": {
      "config": {
        "enabled": true,
        "uri": "[Removed for security privacy]",
        "validateCertificates": false,
        "username": "root",
        "password": "[Removed for security privacy]",
        "failFast": true
      }
    }
  }
}

Environment:

  • Steeltoe Version 3.2.0 or 3.2.1 (It works in V3.1.3)
  • Platform: not too sure, but it's not Azure
  • OS: Client app running on Windows 10 Enterprise 2016 LTSB
  • .NET Version: .NET Core 6.0
  • Any other library versions to note: I'm also using Serilog.AspNetCore V6.1.0 to log, and pass in an ILoggerFactory to the .AddConfigServer() method on startup. Back in Steeltoe V3.1.3 this then logs as follows, however, in V3.2.0 or 3.2.1 no such logging is seen, just the exception.

Logging seen in working version V3.1.3 on startup:

2022-12-09 12:59:39.274 +10:00 [INF] Fetching config from server at: https://[Removed for security privacy]
2022-12-09 12:59:40.373 +10:00 [INF] Located environment: Sonic.Orders.HL7.InboundOrderService, ["uat"], null, null, null

The Exception that is thrown when using V3.2.0 or V3.2.1:

Steeltoe.Extensions.Configuration.ConfigServer.ConfigServerException: Could not locate PropertySource, fail fast property is set, failing
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Steeltoe.Extensions.Configuration.ConfigServer.ConfigServerConfigurationProvider.RemoteLoadAsync(String requestUri)
   at Steeltoe.Extensions.Configuration.ConfigServer.ConfigServerConfigurationProvider.DoLoad(Boolean updateDictionary)
   --- End of inner exception stack trace ---
   at Steeltoe.Extensions.Configuration.ConfigServer.ConfigServerConfigurationProvider.DoLoad(Boolean updateDictionary)
   at Steeltoe.Extensions.Configuration.ConfigServer.ConfigServerConfigurationProvider.LoadInternal(Boolean updateDictionary)
   at Steeltoe.Extensions.Configuration.ConfigServer.ConfigServerConfigurationProvider.Load()
   at Microsoft.Extensions.Configuration.ConfigurationManager.AddSource(IConfigurationSource source)
   at Microsoft.Extensions.Configuration.ConfigurationManager.Microsoft.Extensions.Configuration.IConfigurationBuilder.Add(IConfigurationSource source)
   at Steeltoe.Extensions.Configuration.ConfigServer.ConfigServerConfigurationBuilderExtensions.AddConfigServer(IConfigurationBuilder configurationBuilder, ConfigServerClientSettings defaultSettings, ILoggerFactory logFactory)
   at Steeltoe.Extensions.Configuration.ConfigServer.ConfigServerConfigurationBuilderExtensionsCore.DoAddConfigServer(IConfigurationBuilder configurationBuilder, String applicationName, String environmentName, ILoggerFactory logFactory)
   at Steeltoe.Extensions.Configuration.ConfigServer.ConfigServerConfigurationBuilderExtensionsCore.AddConfigServer(IConfigurationBuilder configurationBuilder, IHostEnvironment environment, ILoggerFactory logFactory)
   at Steeltoe.Extensions.Configuration.ConfigServer.ConfigServerHostBuilderExtensions.<>c__DisplayClass1_0.<AddConfigServer>b__0(HostBuilderContext context, IConfigurationBuilder config)
   at Microsoft.AspNetCore.Builder.ConfigureHostBuilder.ConfigureAppConfiguration(Action`2 configureDelegate)
   at Steeltoe.Extensions.Configuration.ConfigServer.ConfigServerHostBuilderExtensions.AddConfigServer(IHostBuilder hostBuilder, ILoggerFactory loggerFactory)
   at Program.<Main>$(String[] args) in C:\Repos\Sonic.ConfigServerExample\Sonic.ConfigServerExample.Api\Program.cs:line 17

Thanks for considering guys.

angusmillar avatar Dec 09 '22 03:12 angusmillar
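
An added example, not part of the issue and not Steeltoe code: in plain .NET, the two flags reported in the exception above (RemoteCertificateNameMismatch and RemoteCertificateChainErrors) can be treated separately, so that a chain error is resolved by trusting one specific private root while a name mismatch is still rejected, rather than switching validation off entirely. The certificates, the host name `config.example.internal` and the helper `TrustsPrivateRoot` are constructed for illustration.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed sample certificates: a private root and a leaf it issues.
using var rootKey = RSA.Create(2048);
var rootReq = new CertificateRequest("CN=Constructed Private Root", rootKey,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
rootReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
using var root = rootReq.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

using var leafKey = RSA.Create(2048);
var leafReq = new CertificateRequest("CN=config.example.internal", leafKey,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using var leaf = leafReq.Create(root, DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(7),
    new byte[] { 0x01, 0x02, 0x03, 0x04 });

// Wiring for a real client: the callback replaces "accept everything".
using var handler = new HttpClientHandler
{
    ServerCertificateCustomValidationCallback = (_, cert, _, errors) =>
        cert is not null && TrustsPrivateRoot(cert, errors, root)
};

// Offline checks using the error flags the TLS stack would report.
var chainOnly = SslPolicyErrors.RemoteCertificateChainErrors;
var asInIssue = SslPolicyErrors.RemoteCertificateNameMismatch | SslPolicyErrors.RemoteCertificateChainErrors;
Console.WriteLine($"chain error only, pinned root: {TrustsPrivateRoot(leaf, chainOnly, root)}");
Console.WriteLine($"name mismatch + chain error:   {TrustsPrivateRoot(leaf, asInIssue, root)}");

static bool TrustsPrivateRoot(X509Certificate2 serverCert, SslPolicyErrors errors, X509Certificate2 privateRoot)
{
    // Only the chain error is negotiable; a name mismatch or missing certificate always fails.
    if ((errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
        return false;

    using var chain = new X509Chain();
    chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
    chain.ChainPolicy.CustomTrustStore.Add(privateRoot);
    // The constructed certificates carry no CRL/OCSP endpoints; keep revocation checks on for real ones.
    chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
    return chain.Build(serverCert);
}
```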