Comments (13)
@stfnmllr Where can i find the TCP/IP port ?
from go-hdb.
Hi @AndreasKlein,
according to https://golang.org/pkg/crypto/tls/
// RootCAs defines the set of root certificate authorities
// that clients use when verifying server certificates.
// If RootCAs is nil, TLS uses the host's root CA set.
you might 'skip' the cert, but then the client is relying on the host's root CA set.
And for curiosity: Is the proxy forwarding the the tcp connection on 443 to the socket after all?
Yes, it does. Depending on the TLSServerName a tcp (tls) connection to the corresponding HANA DB is established, which is 'transparent' to go-hdb.
from go-hdb.
Transport layer protocol between Client (Driver) and database is TCP/IP - the port you used (443) is indicating HTTPS as a protocol which will definetely not work
from go-hdb.
Please double check official HANA documentation like the first chapter of
https://help.sap.com/viewer/0eec0d68141541d1b07893a39944924e/2.0.03/en-US/b250e7fef8614ea0a0973d58eb73bda8.html
HANA ports are normally 5 digit numbers starting with 3 like 30013 or 30115.
In case of doubt you might need to double check with your DB Admin.
from go-hdb.
Hi @stfnmllr , just stumbled across this post, since I am having similar issues. We are trying to connect to a SAP HANA CLOUD instance (managed service in BTP), which afaik can only be connected on port 443. I wouldn't know where to find the 5 digit tcp/ip port.
Does this mean this package cannot be used with SAP Hana Cloud?
from go-hdb.
Hi @AndreasKlein, port 443 is the standard port for HTTPS 'traffic'. go-hdb is connecting to HANA via TCP/IP (not HTTP / HTTPS) whether via a standard or secured TLS connection. You would need to double check 'under' which port the BTP HANA is provisioned and configure the go-hdb client to use TLS if a secured connection would be requested. In case BTP colleagues would confirm on a HTTPS connection, BTP installations would use a HTTP(s) proxy – if this is the case, please let me know as currently go-hdb does not support proxies.
from go-hdb.
Hi @stfnmllr , yep, well aware of that. It is probably a proxy then. Are you able to contact your colleagues at SAP or should we try to get hold of someone?
As an alternative idea: If I understand it correctly there is another go hdb driver based on cgo? Would that one be able to do it?
from go-hdb.
Hi @AndreasKlein,
yes, I am going to double check with my colleagues to get an idea what kind of 'endpoint' BTP (HANA cloud) is providing. I've just seen, that the SAP cloud trial version in case of HAHA DB would give two endpoints: one TCP/IP and a WebSocket connection via a HTTP proxy.
For the capabilities of the 'official' HANA clients (including the golang cgo client) please see: https://help.sap.com/viewer/product/SAP_HANA_CLIENT/2.8/en-US
from go-hdb.
Hi @stfnmllr
Thanks! I was able to connect with the other go-hdb client on the proxy. However, I would prefer using this pkg without C dependencies. So if HANA Cloud has an exposed TCP/IP port, I would just need a pointer on where to find it.
from go-hdb.
Hi @AndreasKlein,
it could be that the 'endpoint alternatives' are SAP cloud offering dependent. I am in contact with my colleagues to get a better understanding about the options. Anyway, in case it turns out, that using the HANA cloud version the HTTP(S) proxy connection is the default or at least always available, I would add this feature to the open source go-hdb driver as well.
I am going to mark this issue as feature request and leave it open until I am in a position to provide a final answer.
from go-hdb.
Hi @AndreasKlein,
I did test go-hdb 'against' HANA cloud and the proxy is using SNI which does require a TLS connection.
To connect successfully you would need a valid root certificate in pem format.
The certificate (DigiCertGlobalRootCA.crt.pem) can be downloaded in 'pem-format' from
https://www.digicert.com/kb/digicert-root-certificates.htm
Assuming your HANA cloud 'endpoint' is "something.hanacloud.ondemand.com:443". Then the dsn should look as follows:
"hdb://<USER>:<PASSWORD>@something.hanacloud.ondemand.com:443?TLSServerName=something.hanacloud.ondemand&TLSRootCAFile=<PATH TO CERTIFICATE>/DigiCertGlobalRootCA.crt.pem"
- TLSServerName same as 'host'
- TLSRootCAFile needs to point to the location in your filesystem where the file DigiCertGlobalRootCA.crt.pem is stored
from go-hdb.
@stfnmllr Great, I'll give that a go.
from go-hdb.
@stfnmllr That did work! However the cert wasn't even necessary, the TLSServerName
was sufficient. Is that OK from your point of view?
And for curiosity: Is the proxy forwarding the the tcp connection on 443 to the socket after all?
from go-hdb.
Related Issues (20)
- [Feature Request] Distribution settings hardcoded to OFF? HOT 8
- comments at the beginning of the query throws error HOT 9
- Bug - wrong scan type for decimal with null values HOT 6
- protocol error: invalid number of lob parameter ids 1 HOT 4
- [defect] insert lob with size more or equal to 8192 will fail HOT 1
- rows.Next does not stream all rows HOT 2
- Unable to open database connection due to DSN parsing error HOT 1
- Panic inserting invalid type to DECIMAL HOT 1
- [rl-assigned_teams-5] Violation against OSS Rules of Play HOT 1
- [rl-assigned_teams-3] Violation against OSS Rules of Play HOT 1
- [rl-reuse_tool-1] Violation against OSS Rules of Play HOT 1
- [rl-reuse_tool-3] Violation against OSS Rules of Play HOT 1
- [rl-reuse_tool-4] Violation against OSS Rules of Play HOT 1
- Parse DSN error if password contains backtick HOT 2
- [rl-reuse_tool-1] Violation against OSS Rules of Play HOT 1
- Why adding options to flag in an embedded library? HOT 1
- ld: symbol(s) not found for architecture arm64 HOT 1
- Example code result error
- Support for `databaseName` query param HOT 1
- EOF error when using x509 certificate for login on HANA Cloud HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-hdb.