Long address has failed about go-hdb HOT 13 CLOSED

@stfnmllr Where can i find the TCP/IP port ?

from go-hdb.

Hi @AndreasKlein,

according to https://golang.org/pkg/crypto/tls/
// RootCAs defines the set of root certificate authorities
// that clients use when verifying server certificates.
// If RootCAs is nil, TLS uses the host's root CA set.
you might 'skip' the cert, but then the client is relying on the host's root CA set.

And for curiosity: Is the proxy forwarding the the tcp connection on 443 to the socket after all?

Yes, it does. Depending on the TLSServerName a tcp (tls) connection to the corresponding HANA DB is established, which is 'transparent' to go-hdb.

from go-hdb.

Transport layer protocol between Client (Driver) and database is TCP/IP - the port you used (443) is indicating HTTPS as a protocol which will definetely not work

from go-hdb.

Please double check official HANA documentation like the first chapter of
https://help.sap.com/viewer/0eec0d68141541d1b07893a39944924e/2.0.03/en-US/b250e7fef8614ea0a0973d58eb73bda8.html
HANA ports are normally 5 digit numbers starting with 3 like 30013 or 30115.
In case of doubt you might need to double check with your DB Admin.

from go-hdb.

Hi @stfnmllr , just stumbled across this post, since I am having similar issues. We are trying to connect to a SAP HANA CLOUD instance (managed service in BTP), which afaik can only be connected on port 443. I wouldn't know where to find the 5 digit tcp/ip port.
Does this mean this package cannot be used with SAP Hana Cloud?

from go-hdb.

Hi @AndreasKlein, port 443 is the standard port for HTTPS 'traffic'. go-hdb is connecting to HANA via TCP/IP (not HTTP / HTTPS) whether via a standard or secured TLS connection. You would need to double check 'under' which port the BTP HANA is provisioned and configure the go-hdb client to use TLS if a secured connection would be requested. In case BTP colleagues would confirm on a HTTPS connection, BTP installations would use a HTTP(s) proxy – if this is the case, please let me know as currently go-hdb does not support proxies.

from go-hdb.

Hi @stfnmllr , yep, well aware of that. It is probably a proxy then. Are you able to contact your colleagues at SAP or should we try to get hold of someone?
As an alternative idea: If I understand it correctly there is another go hdb driver based on cgo? Would that one be able to do it?

from go-hdb.

Hi @AndreasKlein,
yes, I am going to double check with my colleagues to get an idea what kind of 'endpoint' BTP (HANA cloud) is providing. I've just seen, that the SAP cloud trial version in case of HAHA DB would give two endpoints: one TCP/IP and a WebSocket connection via a HTTP proxy.
For the capabilities of the 'official' HANA clients (including the golang cgo client) please see: https://help.sap.com/viewer/product/SAP_HANA_CLIENT/2.8/en-US

from go-hdb.

Hi @stfnmllr
Thanks! I was able to connect with the other go-hdb client on the proxy. However, I would prefer using this pkg without C dependencies. So if HANA Cloud has an exposed TCP/IP port, I would just need a pointer on where to find it.

from go-hdb.

Hi @AndreasKlein,
it could be that the 'endpoint alternatives' are SAP cloud offering dependent. I am in contact with my colleagues to get a better understanding about the options. Anyway, in case it turns out, that using the HANA cloud version the HTTP(S) proxy connection is the default or at least always available, I would add this feature to the open source go-hdb driver as well.
I am going to mark this issue as feature request and leave it open until I am in a position to provide a final answer.

from go-hdb.

Hi @AndreasKlein,

I did test go-hdb 'against' HANA cloud and the proxy is using SNI which does require a TLS connection.
To connect successfully you would need a valid root certificate in pem format.

Please see:
https://help.sap.com/viewer/cc53ad464a57404b8d453bbadbc81ceb/Cloud/en-US/5bd9bcec690346a8b36df9161b1343c2.html

The certificate (DigiCertGlobalRootCA.crt.pem) can be downloaded in 'pem-format' from
https://www.digicert.com/kb/digicert-root-certificates.htm

Assuming your HANA cloud 'endpoint' is "something.hanacloud.ondemand.com:443". Then the dsn should look as follows:
"hdb://<USER>:<PASSWORD>@something.hanacloud.ondemand.com:443?TLSServerName=something.hanacloud.ondemand&TLSRootCAFile=<PATH TO CERTIFICATE>/DigiCertGlobalRootCA.crt.pem"

• TLSServerName same as 'host'
• TLSRootCAFile needs to point to the location in your filesystem where the file DigiCertGlobalRootCA.crt.pem is stored

from go-hdb.

@stfnmllr Great, I'll give that a go.

from go-hdb.

@stfnmllr That did work! However the cert wasn't even necessary, the TLSServerName was sufficient. Is that OK from your point of view?

And for curiosity: Is the proxy forwarding the the tcp connection on 443 to the socket after all?

from go-hdb.