Skip to content

Commit

Permalink
SNOW-799391: Add troubleshooting guide link for ssl exceptions (#1924)
Browse files Browse the repository at this point in the history
  • Loading branch information
sfc-gh-dprzybysz authored Oct 21, 2024
1 parent 6a004ad commit babe0d8
Show file tree
Hide file tree
Showing 3 changed files with 77 additions and 17 deletions.
9 changes: 8 additions & 1 deletion src/main/java/net/snowflake/client/jdbc/RestRequest.java
Original file line number Diff line number Diff line change
Expand Up @@ -283,7 +283,14 @@ public static CloseableHttpResponse execute(
// if an SSL issue occurs like an SSLHandshakeException then fail
// immediately and stop retrying the requests

throw new SnowflakeSQLLoggedException(null, ErrorCode.NETWORK_ERROR, ex, ex.getMessage());
String formattedMsg =
ex.getMessage()
+ "\n"
+ "Verify that the hostnames and portnumbers in SYSTEM$ALLOWLIST are added to your firewall's allowed list.\n"
+ "To troubleshoot your connection further, you can refer to this article:\n"
+ "https://docs.snowflake.com/en/user-guide/client-connectivity-troubleshooting/overview";

throw new SnowflakeSQLLoggedException(null, ErrorCode.NETWORK_ERROR, ex, formattedMsg);

} catch (Exception ex) {

Expand Down
36 changes: 36 additions & 0 deletions src/test/java/net/snowflake/client/jdbc/ConnectionLatestIT.java
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.not;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.core.AnyOf.anyOf;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
Expand Down Expand Up @@ -48,7 +49,9 @@
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Random;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLHandshakeException;
import net.snowflake.client.ConditionalIgnoreRule;
import net.snowflake.client.RunningNotOnAWS;
import net.snowflake.client.RunningOnGithubAction;
Expand Down Expand Up @@ -1618,4 +1621,37 @@ public void shouldGetOverridenConnectionAndSocketTimeouts() throws Exception {
assertEquals(Duration.ofMillis(200), HttpUtil.getSocketTimeout());
}
}

/** Added in > 3.19.0 */
@Test
public void shouldFailOnSslExceptionWithLinkToTroubleShootingGuide() throws InterruptedException {
Properties properties = new Properties();
properties.put("user", "fakeuser");
properties.put("password", "testpassword");
properties.put("ocspFailOpen", Boolean.FALSE.toString());

int maxRetries = 5;
int retry = 0;

// *.badssl.com may fail on timeouts
while (retry < maxRetries) {
try {
DriverManager.getConnection("jdbc:snowflake://expired.badssl.com/", properties);
fail("should fail");
} catch (SQLException e) {
if (!(e.getCause() instanceof SSLHandshakeException)) {
retry++;
Thread.sleep(1000 * new Random().nextInt(3));
continue;
}
assertThat(e.getCause(), instanceOf(SSLHandshakeException.class));
assertTrue(
e.getMessage()
.contains(
"https://docs.snowflake.com/en/user-guide/client-connectivity-troubleshooting/overview"));
return;
}
}
fail("All retries failed");
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;
import java.util.Random;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import net.snowflake.client.ConditionalIgnoreRule;
Expand Down Expand Up @@ -412,22 +413,38 @@ public void testExpiredCert() {

/** Test Wrong host. Will fail in both FAIL_OPEN and FAIL_CLOSED. */
@Test
public void testWrongHost() {
try {
DriverManager.getConnection(
"jdbc:snowflake://wrong.host.badssl.com/", OCSPFailClosedProperties());
fail("should fail");
} catch (SQLException ex) {
assertThat(ex, instanceOf(SnowflakeSQLException.class));

// The certificates used by badssl.com expired around 05/17/2022,
// https://github.com/chromium/badssl.com/issues/504. After the certificates had been updated,
// the exception seems to be changed from SSLPeerUnverifiedException to SSLHandshakeException.
assertThat(
ex.getCause(),
anyOf(
instanceOf(SSLPeerUnverifiedException.class),
instanceOf(SSLHandshakeException.class)));
public void testWrongHost() throws InterruptedException {
int maxRetries = 5;
int retry = 0;

// *.badssl.com may fail on timeouts
while (retry < maxRetries) {
try {
DriverManager.getConnection(
"jdbc:snowflake://wrong.host.badssl.com/", OCSPFailClosedProperties());
fail("should fail");
} catch (SQLException ex) {
if (!(ex.getCause() instanceof SSLPeerUnverifiedException)
&& !(ex.getCause() instanceof SSLHandshakeException)) {
retry++;
Thread.sleep(1000 * new Random().nextInt(3));
continue;
}
assertThat(ex, instanceOf(SnowflakeSQLException.class));

// The certificates used by badssl.com expired around 05/17/2022,
// https://github.com/chromium/badssl.com/issues/504. After the certificates had been
// updated,
// the exception seems to be changed from SSLPeerUnverifiedException to
// SSLHandshakeException.
assertThat(
ex.getCause(),
anyOf(
instanceOf(SSLPeerUnverifiedException.class),
instanceOf(SSLHandshakeException.class)));
return;
}
fail("All retries failed");
}
}

Expand Down

0 comments on commit babe0d8

Please sign in to comment.