SNOW-1650640: Emit WARNING instead of ERROR for OCSP fail-open message

[colin-rogers-dbt]

What is the current behavior?

When running queries on behalf of our users in dbt Cloud we often see the following ERROR message:

ERROR:snowflake.connector.ocsp_snowflake:WARNING!!! Using fail-open to connect. Driver is connecting to an HTTPS endpoint without OCSP based Certificate Revocation checking as it could not obtain a valid OCSP Response to use from the CA OCSP responder.

While this is often due to DNS issues that our users can address it can also happen transitively. As we run a lot of queries against snowflake these errors can result in a great deal of noise in our logging.

What is the desired behavior?

Can this instead be emitted as a warning? It would be more intuitive for our users and de-clutter our logging (along with our log based metrics).

How would this improve snowflake-connector-python?

Making it easier to interpret/use snowflake-connector logging.

References and other background

No response

[sfc-gh-dszmolka]

hi - thanks for raising this request, it's quite reasonable considering we indeed continue to connect even though OCSP could not be performed. Created a #2045 in attempt to change the loglevel to warning.

However, as you are already aware that the presence of this warning message signals permanent/temporal inability to reach OCSP endpoints, optimally the root cause of such issues needs to be investigated and eliminated in the runtime environment. Mainly because if OCSP checks cannot be performed, it inevitably will mean timeouts and retries to the same endpoints, which means unnecessary delays possibly introduced into the particular connection's setup time.

Anyways, it should be emitted as warning i agree, and not an error

[sfc-gh-dszmolka]

change is merged and will be included in the next release

[sfc-gh-dszmolka]

change released with v3.12.2