Unable to skip SSL authentication when connecting to Emulator running in WSL.
See original GitHub issueDescribe the bug
I would like to connect to a cosmos emulator running in WSL. I don’t want to use SSL so I overrode CosmosClientOptions.HttpClientFactory
to skip the SSL validation.
To Reproduce Run the emulator in WSL (Ubuntu 22.04 distro from my side) using:
$ ipaddr="`ifconfig | grep "inet " | grep -Fv 127.0.0.1 | awk '{print $2}' | head -n 1`"
$ docker run -p 8081:8081 -p 10250-10255:10250-10255 -e AZURE_COSMOS_EMULATOR_PARTITION_COUNT=1 -e AZURE_COSMOS_EMULATOR_IP_ADDRESS_OVERRIDE=$ipaddr -i -t mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator
Console app:
const string AccountEndpoint = "https://localhost:8081/";
const string AccountKey = "C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==";
var cosmosClient = new CosmosClient(AccountEndpoint, AccountKey, new()
{
ConnectionMode = ConnectionMode.Gateway,
HttpClientFactory = () =>
{
var httpMessageHandler = new HttpClientHandler
{
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
};
return new HttpClient(httpMessageHandler);
}
});
await cosmosClient.CreateDatabaseIfNotExistsAsync("demo");
Expected behavior The program runs successfully.
Actual behavior
The program hangs in cosmosClient.CreateDatabaseIfNotExistsAsync
, never returning and never creating a database.
Environment summary SDK Version: 3.32.3 OS Version: Windows 11
Additional context The issue is similar to #2706 but this issue is closed and I am not able to find a solution.
Issue Analytics
- State:
- Created 5 months ago
- Comments:6 (6 by maintainers)
Top Results From Across the Web
Unable to resolve "unable to get local issuer certificate ...
Open Git Bash and run the command if you want to completely disable SSL verification. git config --global http.sslVerify false.
Read more >Run the Azure Cosmos DB Emulator on Docker for Linux
Learn how to run and use the Azure Cosmos DB Linux Emulator on Linux ... Optionally, you can disable TLS/SSL validation on your...
Read more >Getting ASP.NET Core dev certs working in both WSL and ...
So when the relying party web application tries to talk to the IdP, it gets served an SSL certificate that it doesn't trust....
Read more >Android Device & Emulator
1. Install Root Proxyman Certificate on your machine: You can follow the macOS Guide. · 2. Get your Android Device or Emulator ->...
Read more >Four Ways to Bypass Android SSL Verification and ...
Technique 1 – Adding a Custom CA to the User Certificate Store. The simplest way to avoid SSL errors is to have a...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@Baltima, as @bartelink mentioned, this repo is not for Emulator debugging.
SDK does not have any special mechanics for the Emulator. You can use Gateway or Direct mode.
Disabling SSL is an alternative if you are running into certificate problems with the emulator, but it’s not required.
When you say an async operation hangs, it can mean two things, it is not hanging, just taking a long time, in which case this means it’s probably an HTTP issue with ports (leave it running and it should eventually throw an exception), or the thread is indeed hung which means your application code is poorly written and you are locking threads, in which case you need to figure out what is blocking threads and resolve it.
In both cases, solving the problem is on your end. Either because it’s a port issue (you need to figure out why the ports are not open or behaving as intended) or because it’s a thread block (you need to find where is the blocking code), there is nothing that needs to be changed on the SDK code. Based on experience, this sounds like the former (port issue) as was already stated on this thread.
From our side, this Issue is not actionable. First because this repo is not for Emulator support, and second because this thread does not contain any exception or data that we could help with.
OK, I guess you’ll figure it out then.
For me, the key thing is that the connection mode greatly influences the ports used, so it’s key to get to a point where you know what those port numbers are, and then validate that they are wired up correctly. You absolutely want to know the connection mode you’re talking about and then follow the docs. In my case, I know Direct can be made to work locally, I know I want to use it in prod, and I know that you have
-p
arguments related to them; hence I’d be targeting that. But if you know better, make sure you know the connection mode and/or ports.Changing the cert validation policy comes after that - if there’s a discrepancy or problem, you’ll get a clear exception. You’re not that point - it’s hanging. (And, for avoidance of doubt, changing the cert check config does not affect the endpoint and/or connection mode.)