What is the bug?
A connection to an OpenSearch cluster with self-signed certificates is not possible.
It would be good to be able to start a local OpenSearch cluster (running on https://localhost:9200) and then connect via Power BI for testing upgrades, etc.
How can one reproduce the bug?
docker run --rm -p 9200:9200 -e OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123@456 -e discovery.type=single-node opensearchproject/opensearch:3.1.0
Create ODBC DSN via ODBC-Datasources dialog with the settings:
- Data Source Name: OpenSearchLocal
- Host: https://localhost
- Port: 9200
- Auth: BASIC
- User: admin
- Password: myStrongPassword123@456
Click on Advanced Options button:
- Hostname Verification: Disable checkbox
Test the connection via the Test button => connection fails.
What is the expected behavior?
Testing the connection should work and using the configured DSN via Power BI should also work.
What is your host/environment?
- OS: Windows
- Version 11
- Plugins
Do you have any screenshots?
No.
Do you have any additional context?
The bug is in the referenced aws-cpp-sdk until 1.11.513
https://github.com/aws/aws-sdk-cpp/blob/1.11.513/src/aws-cpp-sdk-core/source/http/windows/WinHttpSyncHttpClient.cpp#L536
DWORD requestFlags = request->GetUri().GetScheme() == Scheme::HTTPS && m_verifySSL ? WINHTTP_FLAG_SECURE : 0;
WINHTTP_FLAG_SECURE is not set in this case.
Fixed from 1.11.514:
https://github.com/aws/aws-sdk-cpp/blob/1.11.514/src/aws-cpp-sdk-core/source/http/windows/WinHttpSyncHttpClient.cpp#L538
if (request->GetUri().GetScheme() == Scheme::HTTPS) {
requestFlags |= WINHTTP_FLAG_SECURE;
}
It could be fixed by upgrading the builtin-baseline in vcpkg.json.
I tested it with:
{
"name": "sql-odbc",
"version-string": "1.5.0.0",
"dependencies": [
"aws-sdk-cpp",
"rapidjson",
"zlib",
"gtest",
"curl"
],
"builtin-baseline": "d578779e9d35791230e86367303fb3bfc9c1f335"
}
Which upgrades to 1.11.591.
This fixes this bug, but it looks like a client certificate is expected for authentication afterwards.
This default can/should be changed in OpenSearchCommunication::InitializeConnection:
Aws::Client::ClientConfiguration config;
config.scheme = (m_rt_opts.crypt.use_ssl ? Aws::Http::Scheme::HTTPS
: Aws::Http::Scheme::HTTP);
config.verifySSL = m_rt_opts.crypt.verify_server;
config.winHTTPOptions.useAnonymousAuth = true; // Added
In case reviewers are available I could also create a PR.
What is the bug?
A connection to an OpenSearch cluster with self-signed certificates is not possible.
It would be good to be able to start a local OpenSearch cluster (running on https://localhost:9200) and then connect via Power BI for testing upgrades, etc.
How can one reproduce the bug?
docker run --rm -p 9200:9200 -e OPENSEARCH_INITIAL_ADMIN_PASSWORD=myStrongPassword123@456 -e discovery.type=single-node opensearchproject/opensearch:3.1.0Create ODBC DSN via ODBC-Datasources dialog with the settings:
Click on Advanced Options button:
Test the connection via the Test button => connection fails.
What is the expected behavior?
Testing the connection should work and using the configured DSN via Power BI should also work.
What is your host/environment?
Do you have any screenshots?
No.
Do you have any additional context?
The bug is in the referenced
aws-cpp-sdkuntil1.11.513https://github.com/aws/aws-sdk-cpp/blob/1.11.513/src/aws-cpp-sdk-core/source/http/windows/WinHttpSyncHttpClient.cpp#L536
WINHTTP_FLAG_SECUREis not set in this case.Fixed from
1.11.514:https://github.com/aws/aws-sdk-cpp/blob/1.11.514/src/aws-cpp-sdk-core/source/http/windows/WinHttpSyncHttpClient.cpp#L538
It could be fixed by upgrading the
builtin-baselineinvcpkg.json.I tested it with:
Which upgrades to
1.11.591.This fixes this bug, but it looks like a client certificate is expected for authentication afterwards.
This default can/should be changed in
OpenSearchCommunication::InitializeConnection:In case reviewers are available I could also create a PR.