fix: Default false for sslUseDefaultTrustStore
#906
Conversation
swaldmann
changed the title
false for sslUseDefaultTrustStorefalse for sslUseDefaultTrustStore
hana/package.json
Outdated
| @@ -43,7 +43,8 @@ | |||
| "kinds": { | |||
| "sql": { | |||
| "[production]": { | |||
| "kind": "hana" | |||
| "kind": "hana", | |||
| "sslUseDefaultTrustStore": false | |||
There was a problem hiding this comment.
I am pretty sure that this property would be required to be part of the credentials object. As that is what being send to the database driver. Also this seems to only be a problem with hdb it shouldn't be a problem with @sap/hana-client. Which would mean that it should probably go into:
cds-dbs/hana/lib/drivers/hdb.js
Lines 23 to 41 in 732a2f3
As the change was made in hdb to resolve a long running issue. I am hesitant to have our implementation overwrite the default. The main problem with this change is when the HANAService has a large connection pool or a lot of tenants. As out default max pool size is 10. It would require ~1000 tenants to reach the reported state in the issue.
Additionally it is possible to use the previous hdb version which does not have this behavior to achieve the same state as this PR is trying to achieve. Which only becomes a problem when root issue shows up as it would require the hdb upgrade, but then having it disabled by @cap-js/hana would not allow CAP applications to connect to their HANA system at all anymore.
There was a problem hiding this comment.
Agreed that this is the better place. I moved it to hdb.js. We could also say we change the default for multitenancy only for now, as there's a higher probability stakeholders will run into issues.
For that the internal PR for cds-mtxs would be enough, so we don't have to change cds-dbs at all – keeping this PR in draft state until the DB sync on Monday.
|
is that already fixed by hdb 0.19.11? |
|
|
No, with hdb 0.19.11 does not fix the issue, just change certificates that are mixed in... |
Possible workaround for SAP/node-hdb#240