Error: "Couldn't set ssl mode" - npgsql

I'm trying to set the SSL Mode in my connection string:
SSL Mode=preferred;
But I'm getting an ArgumentException when my code tries to connect to the database:
Notice that the InnerException says:
Requested value 'preferred' was not found.
Looking at the following documentation, it should be valid to specify required, disabled or preferred:
Npgsql Connection String Parameters
Npgsql Security and Encryption
I'm using Npgsql 3.0.3, which I obtained using NuGet:

So it turns out that you actually need to specify verb values rather than adjectives:
Disable
Prefer
Require
For example:
SSL Mode=Prefer;
Edit: the documentation has since been corrected.

Add sslmode=Require; and Trust Server Certificate=true; as it is in your connection string. It will work for sure.
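The check below is an added example, not code from the original posts or from Npgsql. It lints a connection string for the two settings discussed in the answers above: the SSL Mode value names and the Trust Server Certificate flag. The function names, the constructed sample strings in the test, and the case-insensitive matching are assumptions of this sketch.

```python
# Accepted SSL Mode names, as listed in the accepted answer above.
VALID_SSL_MODES = ("Disable", "Prefer", "Require")
# Adjective spellings from the question, mapped to the accepted names.
ADJECTIVES = {"disabled": "Disable", "preferred": "Prefer", "required": "Require"}


def _norm(key):
    """Compare keys without case or spaces, so 'SSL Mode' matches 'sslmode'."""
    return key.replace(" ", "").lower()


def parse(conn_str):
    """Split 'Key=Value;Key=Value' into a dict keyed by normalised name."""
    settings = {}
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            settings[_norm(key)] = value.strip()
    return settings


def lint(conn_str):
    """Return a list of findings about the TLS-related settings."""
    s = parse(conn_str)
    findings = []
    mode = s.get("sslmode")
    if mode is None:
        findings.append("SSL Mode not set: driver default applies")
    else:
        # Case-insensitive matching is an assumption of this sketch.
        match = next((m for m in VALID_SSL_MODES if m.lower() == mode.lower()), None)
        if match is None:
            hint = ADJECTIVES.get(mode.lower())
            msg = f"SSL Mode '{mode}' is not an accepted value"
            findings.append(msg + (f"; use '{hint}'" if hint else ""))
        elif match == "Disable":
            findings.append("SSL Mode=Disable: connection is not encrypted")
        elif match == "Prefer":
            findings.append("SSL Mode=Prefer: may fall back to an unencrypted connection")
    # With this flag the driver accepts the server certificate without validating it.
    if s.get("trustservercertificate", "").lower() == "true":
        findings.append("Trust Server Certificate=true: server certificate is not validated")
    return findings
```

An empty list means the string requires TLS and leaves certificate validation on.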

Related

SnowSQL Bad Handshake when running PUT

I am trying to PUT a file from my local workstation to a named stage I created, but I am getting an SSL error:
("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)
I am able to run SELECT statements from within SnowSQL and they run with no problems. But when I try to do a PUT I get an error.
I have also installed the latest SnowSQL version available but no luck.
Any thoughts on why I would be getting this error?
thanks
My initial thoughts are that the error indicates a firewall or proxy issue. In particular, a proxy might intercept Snowflake's SSL certificate and replace it with their own. The best way to resolve this is to ensure the certificate is trusted in the proxy and the proxy is configured as per Snowflake's documentation so that the Snowflake certificate can pass through.
The documentation below has more information on using a proxy with SnowSQL. You can pass along the error with issuer details to your network engineer and can request to whitelist the required URLs (documentation also below outlining the whitelisting requirements). You can use the SYSTEM$WHITELIST function to get all the URLs to whitelist in a proxy or firewall for your account.
https://docs.snowflake.net/manuals/user-guide/snowsql-start.html#using-a-proxy-server
https://docs.snowflake.net/manuals/user-guide/hostname-whitelist.html

Codename One BrowserComponent - read server certificate

Is it possible to read the server TLS certificate in the BrowserComponent (specifically the public key)?
No. You can probably use native interfaces to do that...
But I'm assuming that what you're trying to do is verify the server to protect against some attacks specifically through certificate pinning. Is that correct?
If so, check out the certificate pinning section in the developer guide here: https://www.codenameone.com/manual/security.html

Why does azure search .net fail with UTF-8 error when calling Indexes.Exists

I have tried to use the Azure Search .net api but I cannot get past a UTF-8 encoding error when I try to either check if an index exists or create an index.
To keep things simple I tried downloading
https://github.com/Azure-Samples/search-dotnet-getting-started
Built the DotNetHowTo.sln with an updated appsettings.json but running the program results in the same error I get in my application:
The call to:
if (serviceClient.Indexes.Exists("hotels"))
Results in
System.InvalidOperationException: 'The character set provided in ContentType is invalid. Cannot read content as string using an invalid character set.'
Inner Exception
ArgumentException: '"UTF-8"' is not a supported encoding name. For information on defining a custom encoding, see the documentation for the Encoding.RegisterProvider method.
This turned out to be a Sophos Web Appliance related issue. Sophos has a facility to validate certificates, and you have to add *.search.windows.net so it can trust the necessary certificates.
Redacted Sophos Configuration Image

Camel sftp - For a passwordless login setup - I get Jsch exception: Auth fail

I'm trying to connect to an SFTP server for which I have passwordless authentication setup. I can connect to this server from the terminal. However, when I try to access the server using Springboot - Camel-SFTP, I get an exception:
2018-08-29 14:59:24,617 WARN org.apache.camel.component.file.remote.SftpConsumer : Error auto creating directory: incoming due Cannot connect to sftp://username#host.net:22. This exception is ignored.
org.apache.camel.component.file.GenericFileOperationFailedException: Cannot connect to sftp://username#host.net:22
Caused by: com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:519)
at org.apache.camel.component.file.remote.SftpOperations.connect(SftpOperations.java:116)
... 33 common frames omitted
This is the endpoint for my route:
file-endpoint: sftp://username#host.net/incoming?streamDownload=true&noop=true&disconnect=true&stepwise=false&useList=false&fileName=abc.txt&ignoreFileNotFoundOrPermissionError=false&sendEmptyMessageWhenIdle=true&privateKeyPassphrase=XXX&preferredAuthentications=publickey&privateKeyFile=/Users/username/.ssh/id_rsa&scheduler=spring&scheduler.cron=0+0/1++++
Any help would be appreciated. Thanks!
From the filename, I'd assume an RSA key -- be sure that this is the case. I've had problems with JSch using an ed25519 key.
Additionally, in the SFTP routes that I've set up, I don't use "user#" in the URI; I just have
sftp://some.host/directory?username=someone&privateKeyFile=<>[..options..]
but I don't include a blank password attribute as indicated by fliot.
Finally, you might try to check the destination server's sshd log; it may have something useful.
Simple answer: Add username and password, even if password may be empty.
Long answer:
I got several working routes with
username=something&password=&privateKeyPassphrase=XXX&preferredAuthentications=publickey&privateKeyFile=id_rsa
By the way, the path of your private key makes me anxious: by default, on Linux, a local user is allowed to use a local file as a private SSH key only if the key is "chmod 400", or similar. Please check that your Karaf or ServiceMix instance can correctly read this path.
Additionally, you can see the entire SFTP workout with
log4j.logger.org.apache.camel.component.file.remote.SftpOperations = ON
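The two answers above point at the key file itself: its type and its permissions. The following is an added example, not code from the posts or from Camel or JSch, that checks the file a privateKeyFile option points at for readability, group/other access and the private-key header on its first line. The function names and the placeholder key written by demo() are constructed for illustration; run it as the account the route runs under.

```python
import os
import stat
import tempfile

# First-line header -> container format. Only the header is read; the key is not parsed.
HEADERS = {
    "-----BEGIN RSA PRIVATE KEY-----": "RSA (PEM)",
    "-----BEGIN OPENSSH PRIVATE KEY-----": "OpenSSH format (key type is inside the blob)",
    "-----BEGIN EC PRIVATE KEY-----": "ECDSA (PEM)",
    "-----BEGIN DSA PRIVATE KEY-----": "DSA (PEM)",
}


def check_key_file(path):
    """Return (findings, fmt) for the file a privateKeyFile option points at."""
    findings = []
    if not os.path.isfile(path):
        return [f"{path}: not found"], None
    readable = os.access(path, os.R_OK)
    if not readable:
        findings.append("not readable by the current user")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access; use 0400 or 0600")
    fmt = None
    if readable:
        with open(path, "r", errors="replace") as fh:
            first = fh.readline().strip()
        fmt = HEADERS.get(first)
        if fmt is None:
            findings.append("first line is not a recognised private-key header")
    return findings, fmt


def demo():
    """Write a constructed, non-functional key file and check it at two modes."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "id_rsa")
        with open(path, "w") as fh:
            fh.write("-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n")
        os.chmod(path, 0o644)
        loose = check_key_file(path)
        os.chmod(path, 0o400)
        strict = check_key_file(path)
    return loose, strict
```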

LDAPS with ActiveDirectoryMembershipProvider on ASP.Net Webforms

I have set the ActiveDirectoryMembershipProvider connectionProtection attribute to secure. The MSDN documentation states that when this is set to secure, the following holds:
"The ActiveDirectoryMembershipProvider class will attempt to connect to Active Directory using SSL. If SSL fails, a second attempt to connect to Active Directory using sign-and-seal will be made. If both attempts fail, the ActiveDirectoryMembershipProvider instance will throw a ProviderException exception."
The code works and queries can be made against the LDAP but one issue that has me a little confused is that my connection string is prefixed with LDAP and not LDAPS. Changing this to LDAPS results in the following error:
"Parser Error Message: Error HRESULT E_FAIL has been returned from a call to a COM component."
What is happening here? In the first instance where the connection string is simply LDAP is SSL being used? The documentation indicates that if it is not, an exception should be thrown. If not, then what would be the likely cause for this error in this context?
As far as I know, all the LDAP DNs (distinguished names) always have an LDAP-only prefix, whether they're over a secure link or not. The secure aspect typically shows up by means of the port on the server being used, 389 being the default for non-secure, and 636 being the default for a secure communication.
But the spec of the LDAP distinguished names doesn't have an LDAPS prefix, really. I've done a lot of LDAP work a few years ago, and I do remember having to deal with different ports for trusted or secured communications, but I never once had a fully qualified LDAP path have anything else but an LDAP:// prefix (case sensitive, too!).
The LDAP:// prefix is used both for clear and SSL connections. To check whether the communication is indeed under SSL, try step 3 of this blog entry: http://erlend.oftedal.no/blog/?blogid=7
