[jira] [Commented] (IGNITE-24906) .NET: Client Node Discovery fails with HTTPS enabled

Tue, 02 Dec 2025 12:24:07 -0800 


    [ 
https://issues.apache.org/jira/browse/IGNITE-24906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18042295#comment-18042295
 ] 

Ignite TC Bot commented on IGNITE-24906:
----------------------------------------

{panel:title=Branch: [pull/12549/head] Base: [master] : Possible Blockers 
(3)|borderStyle=dashed|borderColor=#ccc|titleBGColor=#F7D6C1}
{color:#d04437}Platform C++ CMake (Win x64 / Release){color} [[tests 0 TIMEOUT 
, Exit Code |https://ci2.ignite.apache.org/viewLog.html?buildId=8731108]]

{color:#d04437}Cache (Failover) 2{color} [[tests 0 TIMEOUT , Exit Code , 
Failure on metric |https://ci2.ignite.apache.org/viewLog.html?buildId=8731060]]

{color:#d04437}Cache 2{color} [[tests 0 TIMEOUT , Exit Code , Failure on metric 
|https://ci2.ignite.apache.org/viewLog.html?buildId=8731049]]

{panel}
{panel:title=Branch: [pull/12549/head] Base: [master] : No new tests 
found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#F7D6C1}{panel}
[TeamCity *--> Run :: All* 
Results|https://ci2.ignite.apache.org/viewLog.html?buildId=8731154&buildTypeId=IgniteTests24Java8_RunAll]

> .NET: Client Node Discovery fails with HTTPS enabled
> ----------------------------------------------------
>
>                 Key: IGNITE-24906
>                 URL: https://issues.apache.org/jira/browse/IGNITE-24906
>             Project: Ignite
>          Issue Type: Bug
>          Components: platforms, thin client
>    Affects Versions: 2.15, 2.16, 2.17
>            Reporter: Pavel Tupitsyn
>            Assignee: Pavel Tupitsyn
>            Priority: Major
>              Labels: .NET
>             Fix For: 2.18
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Automatic Node Discovery fails in .NET Thin Client with HTTPS enabled due to 
> certificate validation issues.
> *Steps to Reproduce:*
> * Set up a cluster where each node has HTTPS enabled and a trusted 
> certificate with both the hostname and DNS alias in the SAN list.
> * Connect to the cluster using the .NET Thin Client.
> * Enable Automatic Server Node Discovery 
> (IgniteClientConfiguration.EnableClusterDiscovery).
> * Observe that the discovery process fails with a 
> *RemoteCertificateNameMismatch* error.
> *Observed Behavior:*
> * The error occurs because discovery requests target IP addresses instead of 
> hostnames.
> * Since the IP addresses are not included in the certificate's SAN list, 
> certificate validation fails.
> * The error is logged in the background, but the client is still able to 
> connect.
> *Expected Behavior:*
> * Automatic Server Node Discovery should not fail when each host has a valid, 
> trusted certificate.
> * Discovery requests should use hostnames instead of IP addresses for HTTPS 
> connections.
> *Log output:*
> {code}
> [11:16:49] [Error] [ClientFailoverSocket] Failed to update topology 
> information (exception: 
> System.Security.Authentication.AuthenticationException: The remote 
> certificate was rejected by the provided RemoteCertificateValidationCallback.
>    at 
> System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions 
> sslAuthenticationOptions)
>    at 
> System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean 
> receiveFirst, Byte[] reAuthenticationData, CancellationToken 
> cancellationToken)
>    at 
> System.Net.Security.SslStream.ProcessAuthenticationWithTelemetryAsync(Boolean 
> isAsync, CancellationToken cancellationToken)
>    at 
> System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions
>  sslClientAuthenticationOptions)
>    at Apache.Ignite.Core.Client.SslStreamFactory.Create(Stream stream, String 
> targetHost)
>    at Apache.Ignite.Core.Impl.Client.ClientSocket.GetSocketStream(Socket 
> socket, IgniteClientConfiguration cfg, String host)
>    at 
> Apache.Ignite.Core.Impl.Client.ClientSocket..ctor(IgniteClientConfiguration 
> clientConfiguration, EndPoint endPoint, String host, Nullable`1 version, 
> Action`1 topVerCallback, Marshaller marshaller)
>    at 
> Apache.Ignite.Core.Impl.Client.ClientFailoverSocket.TryConnect(ClientDiscoveryNode
>  node)
>    at Apache.Ignite.Core.Impl.Client.ClientFailoverSocket.InitSocketMap()
>    at 
> Apache.Ignite.Core.Impl.Client.ClientFailoverSocket.<OnAffinityTopologyVersionChange>b__40_0(Object
>  _))
> {code}
> Potential cause: *ClientFailoverSocket* in the .NET client uses IP endpoints 
> instead of hostnames.
> Reference: 
> [ClientFailoverSocket.cs#L948|https://github.com/apache/ignite/blob/be1f4bc6378c0ceb75a16c286a1a6ee00875d624/modules/platforms/dotnet/Apache.Ignite.Core/Impl/Client/ClientFailoverSocket.cs#L133]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to