Dependency Injection EventStore.Client.EventStoreClientSettings.CreateHttpMessageHandler obsolete. What to use now?

I just got the message that CreateHttpMessageHandler is obsolete. What do I need to use in it’s place now?

I was looking in the documentation and the examples how to accept all remote certificates but I can’t find what I need to use now in it’s place. Also the obsolete message isn’t giving any information.

I might have misunderstood your query, but you want to wire up the code for accepting / validating the server certificate?

If that is correct, we do this:

        httpClientHandler.ServerCertificateCustomValidationCallback = (message,
                                                                       cert,
                                                                       chain,
                                                                       errors) =>
                                                                      {
                                                                          return true; 
                                                                      };
        using(HttpClient client = new HttpClient(httpClientHandler))

That still uses the CreateHttpMessageHandler which is obsolete. I got the following code for Dependency Injection:

services.AddEventStoreClient(configureSettings: settings =>
{
    settings.ConnectivitySettings.Address = new Uri(uri);
    settings.DefaultCredentials = new UserCredentials(username, password);
    settings.ConnectionName = connectionName;
    settings.OperationOptions = new EventStoreClientOperationOptions
                                {
                                    TimeoutAfter = TimeSpan.FromSeconds(5),
                                };

    //TODO: EventStoreClientSettings.CreateHttpMessageHandler is obsolete.
    settings.CreateHttpMessageHandler = () => new SocketsHttpHandler
                                              {
                                                  SslOptions =
                                                  {
                                                      // TODO: accept all certificates, because we use self-signed within the cluster.
                                                      RemoteCertificateValidationCallback = delegate
                                                      {
                                                          return true;
                                                      },
                                                  },
                                                                   
                                              };
});

Not sure then. I suspect we will run into this issue at some point (we are manually instansiating this at the moment)

Ah ok, well they obsoleted this in the package but didn’t put the message in the obsolete or updated their documentation on it. So I don’t know how I should fix this.

@StuiterSlurf your issue is not the custom HTTP message handler. You need to disable the server certificate validation. Simply add tlsVerifyCert=false to the connection string and your issue will be solved.

I am not sure why it was marked obsolete as indeed the connection string parameter creates a custom HTTP message handler and assign it to this obsolete parameter. I will try to check.

Concerning the comment that we haven’t updated the documentation for this settings property, I get a bit confused as this settings property was never documented. Could you please point me to the documentation where it should be updated?

1 Like

Also, this one is not obsolete:

public static IServiceCollection AddEventStoreClient(this IServiceCollection services, Uri address,
	Func<HttpMessageHandler>? createHttpMessageHandler = null)
	=> services.AddEventStoreClient(options => {
		options.ConnectivitySettings.Address = address;
		options.CreateHttpMessageHandler = createHttpMessageHandler;
	});

@alexey.zimarev Is it a mistake that they obsoleted it in the source code then? (I have a .NET Core 3.1 service)

EventStoreCLientSettings.cs line 30

https://github.com/EventStore/EventStore-Client-https://github.com/EventStore/EventStore-Client-Dotnet/blob/a853663cb06fcc70db12f0da20956f4afa63f3c7/src/EventStore.Client/EventStoreClientSettings.cs#L30

@alexey.zimarev Thanks for giving me the connection string option to turn of the certificate check.

I still got a question why for .NET Core 3.1 the CreateHttpMessageHandler is obsoleted then.
The link in the post above doesn’t work. This is the correct link:

What I said is that the client registration extension for the DI container, which is provided out-of-the-box, allows you to specify how the HTTP message handler is created using a delegate function. Even if the property itself is marked as obsolete, it doesn’t mean that the functionality will disappear. The property is implementation details, so I would use the provider registration extensions instead.

1 Like