After updating my C# client and C# server from gRPC v1.3.6 to v1.4.1, I
encountered a problem the client could not establish a secure SSL
connection to the server, when passing empty private key from the client
side.
The server is configured like this:
var cacert = config.ChannelRootCertificates; // ca.crt
var servercert = config.ChannelCertificateChain; // server.crt
var serverkey = config.ChannelPrivateKey; // server.key
var keypair = new KeyCertificatePair(servercert, serverkey);
var sslCredentials = new SslServerCredentials(new
List<KeyCertificatePair>() { keypair }, cacert, false); // **** don't
forceClientAuth
The client is configured like this:
var cacert = Encoding.ASCII.GetString(Certificates.ca);
var clientcert = Encoding.ASCII.GetString(Certificates.client);
var clientkey = Encoding.ASCII.GetString(Certificates.clientkey);
var keypair = new KeyCertificatePair(clientcert, null); // **** Passing
NULL private key for the client
var sslCredentials = new SslCredentials(cacert, keypair);
Up to version 1.3.6, the connection was established successfully.
The NULL private key means that the server does not enforce the identity of
the client (but the client still enforces the identity of the server).
When I change the private key parameter in the KeyCertificatePair, to the
real private key, the connection works fine.
My question is:
1. Did the authentication logic was intentionally changed between the
versions, and the failure is a feature and not a bug?
2. Under those circumstances, how can I establish an SSL connection
without making the client to have a private key? (I don't care about
authenticating the client's identity in the server)
Thanks!
--
You received this message because you are subscribed to the Google Groups
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit
https://groups.google.com/d/msgid/grpc-io/35c6cb7a-1693-4114-8fa2-ed5868a1c3ce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.