.Net Realm.Server Notifier.StartAsync never connects to realm cloud instance because of SSL exception


#1

I have tried to use the tutorial here for .NET (https://docs.realm.io/platform/using-synced-realms/server-side-usage/data-change-events) to listen for change events coming from my realm cloud account. I am using Realm.Server 1.1.0 from nuget which depends on Realm 2.2.0. I am targeting .net core 2 from a console application. I tried disabling SSL in the NotifierConfiguration, but it doesn’t seem to affect it. The error I get is simply logged to the console and never enters the do while loop.

var credentials = Credentials.UsernamePassword(“admin”, “my-secret-password”, createUser: false);

        var adminUser = await User.LoginAsync(credentials, new Uri($"https://{REALM_HOST}"));

        var config = new NotifierConfiguration(adminUser)
        {
            // Add all handlers that this notifier will invoke
            Handlers = { new NotificationHandler() },
            EnableSSLValidation = false
        };
        // Start the notifier. Your handlers will be invoked for as
        // long as the notifier is not disposed.
        try
        {
            using (var notifier = await Notifier.StartAsync(config))
            {
                do
                {
                    Console.WriteLine("Type in 'exit' to quit the app.");
                }
                while (Console.ReadLine() != "exit");
            }
        }
        catch (Exception e) {

        }

I get the error below traced to the console.
Connection[1]: Connected to endpoint ‘52.40.195.204:443’ (from ‘127.0.0.1:57309’)
ERROR: Connection[1]: SSL handshake failed: certificate verify failed
Connection[1]: Connection closed due to error

I have searched all morning and cannot figure out what could be wrong with my setup. Any assistance would be great. Is there a CA PEM that you can give me that I can point TrustedCAPath towards?


#2

This is a bug with the .NET Server package that we’ll address in the coming weeks. The only known workaround is to temporarily run this on macOS where the certificates are properly checked against the system Keychain. I’m really sorry about that and will report here once we have a fix.


#3

Ok, glad to know it’s not me. I’ll watch for a fix. Thanks for the quick response.


#4

@nirinchev, Any movement on a fix for this?


#5

There has been some movement, but unfortunately we were pulled to work on something else before we had a chance to complete it. I hope to be able to go back to this early next week.