I added the certificate and key to the server and it starts now. I generated
some certificates and keys using a script mentioned in one of the posts in
this group. Now after using server.crt and server.key generated by that
script the server is running. However, what certificate and key should be
added to the client to communicate with the server? Here is my client
program. I am using client.crt and client.key generated by that script.

std::ifstream tfile("client.crt");
std::stringstream cli_cert;
cli_cert << tfile.rdbuf();
tfile.close();
tfile.open("client.key");
std::stringstream cli_key;
cli_key << tfile.rdbuf();
tfile.close();
grpc::SslCredentialsOptions ssl_opts;
ssl_opts.pem_root_certs="";
ssl_opts.pem_private_key=cli_key.str();
ssl_opts.pem_cert_chain=cli_cert.str();
GreeterClient greeter(grpc::CreateChannel(
    "localhost:50051", grpc::SslCredentials(ssl_opts)));
std::string user("world");
std::string reply = greeter.SayHello(user);

Here is the error that I get on client side when the client is executed.

E1116 09:26:59.622489462 17976 ssl_transport_security.c:199] ssl_info_callback: error occured.
E1116 09:26:59.622623322 17976 ssl_transport_security.c:945] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
E1116 09:26:59.622641277 17976 handshake.c:128] Security handshake failed: {"created":"@1479317219.622630904","description":"Handshake failed","file":"src/core/lib/security/transport/handshake.c","file_line":264,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}

The error on server side is:

E1116 09:18:28.809683734 17911 server_secure_chttp2.c:123] Secure transport failed with error 1
E1116 09:26:59.606240723 17911 ssl_transport_security.c:1288] No match found for server name: 0.0.0.0.
E1116 09:26:59.622738415 17911 handshake.c:128] Security handshake failed: {"created":"@1479317219.622724267","description":"Handshake read failed","file":"src/core/lib/security/transport/handshake.c","file_line":237,"referenced_errors":[{"created":"@1479317219.622722928","description":"EOF","file":"src/core/lib/iomgr/tcp_posix.c","file_line":235}]}
E1116 09:26:59.622827154 17911 server_secure_chttp2.c:123] Secure transport failed with error 1

I am guessing something is wrong with the server name?
On Tuesday, November 15, 2016 at 11:07:19 PM UTC-8, Christian Svensson
wrote:
>
> Did you pass a real certificate and private key to PemKeyCertPair? If you
> used "a", "b" that's your problem.
>
> On Nov 16, 2016 03:47, "AK" <[email protected]> wrote:
>
>> I know nothing about SSL/TLS and am trying to use SSL/TLS channel in gRPC
>> by following instructions found online.
>> Here is the server code:
>>
>> std::string server_address("0.0.0.0:50051");
>> GreeterServiceImpl service;
>>
>> grpc::SslServerCredentialsOptions::PemKeyCertPair pkcp ={"a","b"};
>> grpc::SslServerCredentialsOptions ssl_opts;
>> ssl_opts.pem_root_certs="";
>> ssl_opts.pem_key_cert_pairs.push_back(pkcp);
>>
>> std::shared_ptr<grpc::ServerCredentials> creds;
>> creds = grpc::SslServerCredentials(ssl_opts);
>>
>> ServerBuilder builder;
>> builder.AddListeningPort(server_address, creds);
>> builder.RegisterService(&service);
>> std::unique_ptr<Server> server(builder.BuildAndStart());
>>
>> The server won't start and terminates with following error.
>>
>> E1115 13:00:55.657846941 17129 ssl_transport_security.c:636] Invalid
>> cert chain file.
>> E1115 13:00:55.657936436 17129 security_connector.c:830] Handshaker
>> factory creation failed with TSI_INVALID_ARGUMENT.
>> E1115 13:00:55.657954952 17129 server_secure_chttp2.c:344]
>> {"created":"@1479243655.657946821","description":"Unable to create secure
>> server with credentials of type
>> Ssl.","file":"src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c","file_line":242,"security_status":1}
>> Server listening on 0.0.0.0:50051
>> Segmentation fault (core dumped)
>>
>> Any help would be appreciated.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "grpc.io" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at https://groups.google.com/group/grpc-io.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/grpc-io/e8597c77-c857-4b00-ae7e-2cb207df857f%40googlegroups.com
>> For more options, visit https://groups.google.com/d/optout.
>>
>
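Added example, not part of the original thread and not gRPC code: a standard-library C++ pre-flight check for the strings handed to the PEM fields discussed above, covering the placeholder {"a","b"} pair and an empty pem_root_certs (when that field is empty, gRPC falls back to its default roots, which would not contain a CA created by a local script). CountPemBlocks, Preflight and their parameters are hypothetical names, and the check is structural only: it does not parse or validate certificates.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Counts complete PEM blocks whose label ends with `suffix`; structure only, no decoding.
int CountPemBlocks(const std::string& pem, const std::string& suffix) {
  static const std::string kB64 =
      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
  std::istringstream in(pem);
  std::string line, label;
  bool has_body = false;
  int count = 0;
  while (std::getline(in, line)) {
    if (!line.empty() && line.back() == '\r') line.pop_back();  // tolerate CRLF files
    if (line.size() > 16 && line.rfind("-----BEGIN ", 0) == 0 &&
        line.compare(line.size() - 5, 5, "-----") == 0) {
      label = line.substr(11, line.size() - 16);  // text between the dashes
      has_body = false;
    } else if (!label.empty() && line == "-----END " + label + "-----") {
      bool wanted = label.size() >= suffix.size() &&
          label.compare(label.size() - suffix.size(), suffix.size(), suffix) == 0;
      if (wanted && has_body) ++count;
      label.clear();
    } else if (!label.empty() && !line.empty()) {
      if (line.find_first_not_of(kB64) != std::string::npos) label.clear();
      else has_body = true;
    }
  }
  return count;
}

// Hypothetical helper (not a gRPC API). need_identity: server or mutual-TLS client;
// private_ca: the peer's certificate chains to a script-generated CA.
std::vector<std::string> Preflight(const std::string& roots, const std::string& chain,
                                   const std::string& key, bool need_identity, bool private_ca) {
  std::vector<std::string> problems;
  if (need_identity || !chain.empty() || !key.empty()) {
    if (CountPemBlocks(chain, "CERTIFICATE") == 0)
      problems.push_back("cert chain: no PEM CERTIFICATE block");
    if (CountPemBlocks(key, "PRIVATE KEY") == 0)
      problems.push_back("private key: no PEM PRIVATE KEY block");
  }
  if (private_ca && CountPemBlocks(roots, "CERTIFICATE") == 0)
    problems.push_back("root certs: no CA certificate to verify a private-CA peer");
  return problems;
}
int main() {  // the thread's server inputs: PemKeyCertPair{"a","b"} = key "a", chain "b"
  for (const auto& p : Preflight("", "b", "a", true, false)) std::cout << p << "\n";
}
```

Run it over the file contents before building the credentials object, so a placeholder or a missing CA file is reported as a readable message instead of a handshake failure.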