The client code has server address as 0.0.0.0:50051 not as localhost:50051,
as mentioned in my previous reply.
On Wednesday, November 16, 2016 at 9:30:33 AM UTC-8, AK wrote:
>
> I added the certificate and key to server and it starts now. I generated
> some certificates and keys using a script mentioned in one of the posts in
> this group. Now after using server.crt and server.key generated by that
> script the server is running. However, what certificate and key should be
> added to the client to communicate with the server? Here is my client
> program. I am using client.crt and client.key generated by that script.
>
> std::ifstream tfile("client.crt");
> std::stringstream cli_cert;
> cli_cert << tfile.rdbuf();
> tfile.close();
>
> tfile.open("client.key");
> std::stringstream cli_key;
> cli_key << tfile.rdbuf();
> tfile.close();
>
> grpc::SslCredentialsOptions ssl_opts;
> ssl_opts.pem_root_certs="";
> ssl_opts.pem_private_key=cli_key.str();
> ssl_opts.pem_cert_chain=cli_cert.str();
>
> GreeterClient greeter(grpc::CreateChannel(
> "localhost:50051", grpc::SslCredentials(ssl_opts)));
> std::string user("world");
> std::string reply = greeter.SayHello(user);
>
> Here is the error that I get on client side when the client is executed.
>
> E1116 09:26:59.622489462 17976 ssl_transport_security.c:199]
> ssl_info_callback: error occured.
>
> E1116 09:26:59.622623322 17976 ssl_transport_security.c:945] Handshake
> failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL
> routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
> E1116 09:26:59.622641277 17976 handshake.c:128] Security
> handshake failed:
> {"created":"@1479317219.622630904","description":"Handshake
> failed","file":"src/core/lib/security/transport/handshake.c","file_line":264,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
>
> The error on server side is:
>
> E1116 09:18:28.809683734 17911 server_secure_chttp2.c:123] Secure
> transport failed with error 1
> E1116 09:26:59.606240723 17911 ssl_transport_security.c:1288] No match
> found for server name: 0.0.0.0.
> E1116 09:26:59.622738415 17911 handshake.c:128] Security
> handshake failed:
> {"created":"@1479317219.622724267","description":"Handshake read
> failed","file":"src/core/lib/security/transport/handshake.c","file_line":237,"referenced_errors":[{"created":"@1479317219.622722928","description":"EOF","file":"src/core/lib/iomgr/tcp_posix.c","file_line":235}]}
> E1116 09:26:59.622827154 17911 server_secure_chttp2.c:123] Secure
> transport failed with error 1
>
> I am guessing something is wrong with the server name ?
>
> On Tuesday, November 15, 2016 at 11:07:19 PM UTC-8, Christian Svensson
> wrote:
>>
>> Did you pass a real certificate and private key to PemKeyCertPair? If you
>> used "a", "b" that's your problem.
>>
>> On Nov 16, 2016 03:47, "AK" <[email protected]> wrote:
>>
>>> I know nothing about SSL/TLS and am trying to use SSL/TLS channel in
>>> gRPC by following instructions found online.
>>> Here is the server code:
>>>
>>> std::string server_address("0.0.0.0:50051");
>>> GreeterServiceImpl service;
>>>
>>> grpc::SslServerCredentialsOptions::PemKeyCertPair pkcp ={"a","b"};
>>> grpc::SslServerCredentialsOptions ssl_opts;
>>> ssl_opts.pem_root_certs="";
>>> ssl_opts.pem_key_cert_pairs.push_back(pkcp);
>>>
>>> std::shared_ptr<grpc::ServerCredentials> creds;
>>> creds = grpc::SslServerCredentials(ssl_opts);
>>>
>>> ServerBuilder builder;
>>> builder.AddListeningPort(server_address, creds);
>>> builder.RegisterService(&service);
>>> std::unique_ptr<Server> server(builder.BuildAndStart());
>>>
>>> The server won't start and terminates with following error.
>>>
>>> E1115 13:00:55.657846941 17129 ssl_transport_security.c:636] Invalid
>>> cert chain file.
>>> E1115 13:00:55.657936436 17129 security_connector.c:830] Handshaker
>>> factory creation failed with TSI_INVALID_ARGUMENT.
>>> E1115 13:00:55.657954952 17129 server_secure_chttp2.c:344]
>>> {"created":"@1479243655.657946821","description":"Unable to create secure
>>> server with credentials of type
>>> Ssl.","file":"src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c","file_line":242,"security_status":1}
>>> Server listening on 0.0.0.0:50051
>>> Segmentation fault (core dumped)
>>>
>>> Any help would be appreciated.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "grpc.io" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at https://groups.google.com/group/grpc-io.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/grpc-io/e8597c77-c857-4b00-ae7e-2cb207df857f%40googlegroups.com
>>>
>>> <https://groups.google.com/d/msgid/grpc-io/e8597c77-c857-4b00-ae7e-2cb207df857f%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit
https://groups.google.com/d/msgid/grpc-io/f73bc506-a466-4e7f-9de7-30d4b309e0f4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
