Hi Vivek, I had to perform several fixes, and I hope I didn't miss anything. I'm replying to the group in case other folks want to add something I might have overlooked.
1) First you will need to generate the private key and certificate as follows, which is documented in the Readme file <https://github.com/grpc/grpc/blob/master/src/core/lib/tsi/test_creds/README> - the roots.pem <https://raw.githubusercontent.com/grpc/grpc/master/etc/roots.pem> is already provided under /etc/roots.pem <https://raw.githubusercontent.com/grpc/grpc/master/etc/roots.pem>, but not needed for the server since you want custom credentials:

    $ openssl genrsa -out server1.key.rsa 1024
    $ openssl pkcs8 -topk8 -in server1.key.rsa -out server1.key -nocrypt
    $ rm server1.key.rsa
    $ openssl req -new -key server1.key -out server1.csr -config server1-openssl.cnf

When prompted for certificate information, everything is default except the common name which is set to *.test.google.com.

    $ openssl ca -in server1.csr -out server1.pem

Make sure you add your domain and IP addresses to the server1-openssl.cnf <https://github.com/grpc/grpc/blob/master/src/core/lib/tsi/test_creds/server1-openssl.cnf> file, which looks something like this:

    [req]
    distinguished_name = req_distinguished_name
    req_extensions = v3_req

    [req_distinguished_name]
    countryName = Country Name (2 letter code)
    countryName_default = US
    stateOrProvinceName = State or Province Name (full name)
    stateOrProvinceName_default = Illinois
    localityName = Locality Name (eg, city)
    localityName_default = Chicago
    organizationName = Organization Name (eg, company)
    organizationName_default = Example, Co.
    commonName = Common Name (eg, YOUR name)
    commonName_max = 64

    [v3_req]
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    subjectAltName = @alt_names

    [alt_names]
    DNS.1 = *.test.google.fr
    DNS.2 = waterzooi.test.google.be
    DNS.3 = *.test.youtube.com
    IP.1 = "192.168.1.3"
    IP.2 = "0.0.0.0"
    DNS.4 = localhost

You can copy the ones from here: ../../../../grpc/src/core/lib/tsi/test_creds/ <https://github.com/grpc/grpc/tree/master/src/core/lib/tsi/test_creds> but the IP and DNS would be different.
It runs, but it'll naturally give you "No match found for server name" errors if using the key/cert pair from GitHub.

2) Then make sure you add to the helloworld.proto <https://raw.githubusercontent.com/grpc/grpc/master/examples/protos/helloworld.proto> file the age field in the reply message, since you are using it in your client and server:

    uint32 age = 2;

and it would then look like this:

    // The response message containing the greetings
    message HelloReply {
      string message = 1;
      uint32 age = 2;
    }

3) Then fix the Makefile <https://github.com/grpc/grpc/blob/master/examples/cpp/helloworld/Makefile> as follows for the flags including the _YOUR_PROTOBUF_ locations (I added ../../../include and ../../../libs/opt as a reference, to where you will have the include files and compiled grpc libs):

    CPPFLAGS += -I/usr/local/include -pthread -I/_YOUR_PROTOBUF_/include -I../../../include
    CXXFLAGS += -std=c++11
    ifeq ($(SYSTEM),Darwin)
    LDFLAGS += -L/usr/local/lib -L../../../libs/opt -L/_YOUR_PROTOBUF_/lib \
               -lgrpc++_reflection \
               -lprotobuf -lpthread -ldl
    else
    LDFLAGS += -L/usr/local/lib -L../../../libs/opt -L/_YOUR_PROTOBUF_/lib \
               -Wl,--no-as-needed -lgrpc++_reflection -Wl,--as-needed \
               -lprotobuf -lpthread -ldl
    endif

Then use the attached files, and I had to change some of your include files since they were either not pointing to the correct directory or were not needed. My cluster does not allow me to create certificates (i.e. I don't have permissions to certain directories), so you will need to create them and run the code. I can run client and server, but don't have the proper certificates - since I cannot create them - but code should be okay.

Let us know how it goes.

Hope it helps,
Paul

*From:* Vivek Srivastava
*Sent:* Tuesday, August 2, 2016 5:55 AM
*To:* Paul Grosu
*Subject:* Re: [grpc-io] Re: Regarding the compilation of GRPC for libcrypto.a

Hi Paul

I have done the below steps:

1. Checked out the code of grpc from github and compiled for SSL server and client.
2. Main Makefile (which is present in root) for grpc compilation is attached as GRPC_MAIN_MAKE.
3. File for greeter_server.cc and greeter_client (after doing my changes for SSL server and client) is attached as GREETER_SERVER.CC and GREETER_CLIENT.CC.
4. Makefile used for compilation of greeter_server and greeter_client binaries is attached as GREETER_MAKE.
5. Compilation command used for compilation of grpc is => "make EMBED_ZLIB=true".
6. Compilation command used for compilation of greeter_server and greeter_client is "make" whose Makefile is present in directory: "grpc-release-0_15/examples/cpp/helloworld/"
7. OS is Linux
8. After compilation I copied the greeter_server and greeter_client binaries on server with shared libraries
   1. libgrpc++.so.0.15.0-dev
   2. libgrpc.so.0.15.0-dev
9. I ran the greeter_server and greeter_client binaries on different tabs and I see the below errors on console:

On server Error:

    E0801 10:47:04.937620802 4121 ssl_transport_security.c:953] Handshake failed with fatal error SSL_ERROR_SSL: error:100000b8:SSL routines:OPENSSL_internal:NO_SHARED_CIPHER.
    E0801 10:47:04.937688243 4121 handshake.c:128] Security handshake failed: {"created":"@1470048424.937656200","description":"Handshake failed","file":"src/core/lib/security/transport/handshake.c","file_line":264,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
    E0801 10:47:04.937762814 4121 server_secure_chttp2.c:119] Secure transport failed with error 1

On Client side Error:

    E0801 10:47:04.938230033 4122 handshake.c:128] Security handshake failed: {"created":"@1470048424.938180351","description":"Handshake read failed","file":"src/core/lib/security/transport/handshake.c","file_line":237,"referenced_errors":[{"created":"@1470048424.938118363","description":"EOF","file":"src/core/lib/iomgr/tcp_posix.c","file_line":233}]}
    E0801 10:47:04.938476088 4122 secure_channel_create.c:98] Secure handshake failed with error 1.
    I0801 10:47:04.938753317 4122 subchannel.c:642] Connect failed: null
    I0801 10:47:04.938913527 4122 subchannel.c:647] Retry in 0.996400640 seconds
    Greeter received: RPC failed

On Monday, August 1, 2016 at 12:53:45 PM UTC-4, Paul Grosu wrote:
>
> Hi Vivek,
>
> Please elaborate on the steps you took to get to this error (i.e. OS,
> commands that were run, and console output of the errors).
>
> Thanks,
> Paul
>
> On Monday, August 1, 2016 at 6:13:10 AM UTC-4, Vivek Srivastava wrote:
>>
>> Hi
>>
>> I have pulled out the gRPC code from server but I am unable to compile
>> library libcrypto.a and libssl.a, due to which I am getting cipher error.
>> Can anyone suggest to me how to generate these two libraries?
>>
>> Regards
>> Vivek Srivastava
>>
>
/*
*
* Copyright 2015, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <iostream>
#include <memory>
#include <string>
#include <fstream>
#include <streambuf>
#include <grpc++/grpc++.h>
#include <grpc++/security/credentials.h>
//#include <src/cpp/client/secure_credentials.h>
#include "helloworld.grpc.pb.h"
using grpc::Channel;
using grpc::ClientContext;
using grpc::Status;
using helloworld::HelloRequest;
using helloworld::HelloReply;
using helloworld::Greeter;
class GreeterClient {
 public:
  GreeterClient(std::shared_ptr<Channel> channel)
      : stub_(Greeter::NewStub(channel)) {}

  // Assembles the client's payload, sends it and presents the response back
  // from the server.
  std::string SayHello(const std::string& user) {
    // Data we are sending to the server.
    HelloRequest request;
    request.set_name(user);

    // Container for the data we expect from the server.
    HelloReply reply;

    // Context for the client. It could be used to convey extra information to
    // the server and/or tweak certain RPC behaviors.
    ClientContext context;

    // The actual RPC.
    Status status = stub_->SayHello(&context, request, &reply);

    // The reply from the server has been received and can now be displayed.
    // Act upon its status.
    if (status.ok()) {
      std::cout << "Received the message successfully" << std::endl;
      std::cout << "Name::" << reply.message() << std::endl;
      std::cout << "Age::" << reply.age() << std::endl;
      return reply.message();
    } else {
      return "RPC failed";
    }
  }

 private:
  std::unique_ptr<Greeter::Stub> stub_;
};

int main(int argc, char** argv) {
  // Read the PEM files from the current working directory.
  std::ifstream t1("roots.pem");
  std::string root_certs((std::istreambuf_iterator<char>(t1)),
                         std::istreambuf_iterator<char>());
  std::ifstream t2("server1.key");
  std::string private_key((std::istreambuf_iterator<char>(t2)),
                          std::istreambuf_iterator<char>());
  std::ifstream t3("server1.pem");
  std::string cert_chain((std::istreambuf_iterator<char>(t3)),
                         std::istreambuf_iterator<char>());

  // Instantiate the client. It requires a channel, out of which the actual RPCs
  // are created. This channel models a connection to an endpoint (in this case,
  // 0.0.0.0 at port 50051). The original example used an unauthenticated
  // channel (InsecureChannelCredentials()):
  // GreeterClient greeter(grpc::CreateChannel(
  //     "localhost:50051", grpc::InsecureChannelCredentials()));
  // Here the channel is secured with SSL credentials built from the PEM files
  // read above. Fields are {pem_root_certs, pem_private_key, pem_cert_chain}.
  grpc::SslCredentialsOptions ssl_opts = {root_certs, private_key, cert_chain};
  std::shared_ptr<grpc::ChannelCredentials> ssl_channel_creds =
      grpc::SslCredentials(ssl_opts);
  std::cout << "AFTER THEN" << std::endl;
  auto channel = grpc::CreateChannel("0.0.0.0:50051", ssl_channel_creds);
  GreeterClient greeter(channel);
  std::string user("VIVEK");
  std::string reply = greeter.SayHello(user);
  std::cout << "Greeter received: " << reply << std::endl;

  return 0;
}
/*
*
* Copyright 2015, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <iostream>
#include <memory>
#include <string>
#include <fstream>
#include <streambuf>
#include <grpc++/grpc++.h>
//#include <security/credentials/credentials.h>
#include <grpc++/security/credentials.h>
//#include <src/cpp/server/secure_server_credentials.h>
#include "helloworld.grpc.pb.h"
using grpc::Server;
using grpc::ServerBuilder;
using grpc::ServerContext;
using grpc::Status;
using helloworld::HelloRequest;
using helloworld::HelloReply;
using helloworld::Greeter;
// Logic and data behind the server's behavior.
class GreeterServiceImpl final : public Greeter::Service {
  Status SayHello(ServerContext* context, const HelloRequest* request,
                  HelloReply* reply) override {
    std::string prefix("Hello ");
    // reply->set_message(prefix + request->name());
    reply->set_message(request->name());
    reply->set_age(28);
    return Status::OK;
  }
};

void RunServer() {
  std::string server_address("0.0.0.0:50051");
  std::cout << "Going to create secureserver credentials" << std::endl;
  // std::shared_ptr<grpc::SecureServerCredentials> sec_srvr_creds(new grpc::SecureServerCredentials(&creds));
  // grpc::SslServerCredentialsOptions options;
  GreeterServiceImpl service;

  ServerBuilder builder;
  // The original example listened without any authentication mechanism:
  // builder.AddListeningPort(server_address, grpc::InsecureServerCredentials());

  // Read the server's private key and certificate chain (PEM) from the
  // current working directory.
  std::ifstream t1("server1.key");
  std::string private_key((std::istreambuf_iterator<char>(t1)),
                          std::istreambuf_iterator<char>());
  std::ifstream t2("server1.pem");
  std::string cert_chain((std::istreambuf_iterator<char>(t2)),
                         std::istreambuf_iterator<char>());
  // std::ifstream t3("roots.pem");
  // std::string root_certs((std::istreambuf_iterator<char>(t3)),std::istreambuf_iterator<char>());

  grpc::SslServerCredentialsOptions ssl_opts;
  grpc::SslServerCredentialsOptions::PemKeyCertPair pkcp = {private_key, cert_chain};
  // No root certificates are set for verifying client certificates.
  ssl_opts.pem_root_certs = "";
  ssl_opts.pem_key_cert_pairs.push_back(pkcp);

  // Listen on the given address with the SSL server credentials.
  std::cout << "Going to AddListening" << std::endl;
  builder.AddListeningPort(server_address, grpc::SslServerCredentials(ssl_opts));
  // Register "service" as the instance through which we'll communicate with
  // clients. In this case it corresponds to a *synchronous* service.
  std::cout << "Going to Register Service" << std::endl;
  builder.RegisterService(&service);
  // Finally assemble the server.
  std::cout << "Going to ServerBuilder" << std::endl;
  std::unique_ptr<Server> server(builder.BuildAndStart());
  std::cout << "Server listening on " << server_address << std::endl;

  // Wait for the server to shutdown. Note that some other thread must be
  // responsible for shutting down the server for this call to ever return.
  server->Wait();
}

int main(int argc, char** argv) {
  RunServer();

  return 0;
}
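
The name-matching rule behind the "No match found for server name" error mentioned in the reply, as an added example that is not part of the original thread or of gRPC: it parses the [alt_names] section of an openssl config like the one quoted above and reports whether the host a client dials is covered by the certificate. `San`, `ParseAltNames`, `CertCovers` and `kSampleCnf` are hypothetical names, and the matching is a simplified stand-in for the TLS library's own check (exact IPv4 match, single-label wildcard, case-sensitive).

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct San { bool is_ip; std::string value; };
const char kSampleCnf[] =  // constructed sample: [alt_names] as quoted above
    "[v3_req]\nsubjectAltName = @alt_names\n[alt_names]\nDNS.1 = *.test.google.fr\n"
    "DNS.2 = waterzooi.test.google.be\nDNS.3 = *.test.youtube.com\n"
    "IP.1 = \"192.168.1.3\"\nIP.2 = \"0.0.0.0\"\nDNS.4 = localhost\n";

std::string Trim(const std::string& s) {  // strip whitespace and double quotes
  size_t b = s.find_first_not_of(" \t\r\""), e = s.find_last_not_of(" \t\r\"");
  return b == std::string::npos ? "" : s.substr(b, e - b + 1);
}

std::vector<San> ParseAltNames(const std::string& cnf) {  // [alt_names] only
  std::vector<San> out;
  std::istringstream in(cnf);
  bool in_section = false;
  for (std::string line; std::getline(in, line);) {
    line = Trim(line);
    size_t eq = line.find('=');
    if (line.empty() || line[0] == '#') continue;
    if (line[0] == '[') in_section = Trim(line.substr(1, line.find(']') - 1)) == "alt_names";
    if (line[0] == '[' || !in_section || eq == std::string::npos) continue;
    std::string key = Trim(line.substr(0, eq)), val = Trim(line.substr(eq + 1));
    if (key.compare(0, 4, "DNS.") == 0) out.push_back({false, val});
    if (key.compare(0, 3, "IP.") == 0) out.push_back({true, val});
  }
  return out;
}

// IPv4 literals must equal an IP entry; a DNS name matches an equal entry or a
// "*." entry replacing exactly its left-most label. Assumption: no IPv6.
bool CertCovers(const std::vector<San>& sans, const std::string& host) {
  bool host_is_ip = host.find_first_not_of("0123456789.") == std::string::npos;
  size_t dot = host.find('.');
  std::string wild = (host_is_ip || dot == 0 || dot == std::string::npos)
                         ? host : "*" + host.substr(dot);
  for (const San& s : sans)
    if (s.is_ip == host_is_ip && (s.value == host || s.value == wild)) return true;
  return false;
}

int main() {
  for (const char* h : {"localhost", "0.0.0.0", "a.test.google.fr", "test.google.fr"})
    std::cout << h << (CertCovers(ParseAltNames(kSampleCnf), h) ? ": ok\n" : ": no match\n");
}
```

Pass the host part of the client's target (without the port) to `CertCovers` before generating the certificate; a "no match" result means the [alt_names] section still needs that DNS name or IP.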
