The code you have on server side looks correct to me (I have pretty much the
same code).
Have you loaded the root cert for the server on the client (the CA that
issued the cert to the server)? On client side, code could look like:
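    // Load the CA certificate (PEM) that issued the server's certificate.
    std::string rootCerts;
    readSSLFile("cacert.pem", rootCerts);
    // Trust that CA when verifying the server during the TLS handshake.
    grpc::SslCredentialsOptions sslOps;
    sslOps.pem_root_certs = rootCerts;
    GrpcClient grpceClient(
        grpc::CreateChannel(ENDPOINT_1_EXTERNAL_SECURE,
                            grpc::SslCredentials(sslOps)));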
There are some details at https://github.com/grpc/grpc/issues/9593
HTH.
On Sunday, April 22, 2018 at 8:43:48 AM UTC-7, Todd Defilippi wrote:
>
> I am trying to get TLS authentication working for a C++ server
> implementation I am working on.
>
> The relevant code is:
>
>     grpc::SslServerCredentialsOptions::PemKeyCertPair keyCert
>         = { tlsKeyContents_, tlsCertContents_ };
>     grpc::SslServerCredentialsOptions sslOps;
>     sslOps.pem_root_certs = "";
>     sslOps.pem_key_cert_pairs.push_back(keyCert);
>     builder_->AddListeningPort(addr,
>         grpc::SslServerCredentials(sslOps));
>
> where tlsKeyContents_ and tlsCertContents_ are the server key and
> certificate, respectively.
>
> I seem to be unable to get the TLS handshake to work. When I enable gRPC
> logging, I see:
>
> D0421 17:22:09.629340909 24866 tcp_posix.c:531] write: {"created":"@1524356529.629325854","description":"OS Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken pipe","syscall":"sendmsg"}
> D0421 17:22:09.629435059 24866 security_handshaker.c:126] Security handshake failed: {"created":"@1524356529.629415453","description":"Handshake write failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":346,"referenced_errors":[{"created":"@1524356529.629325854","description":"OS Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken pipe","syscall":"sendmsg"}]}
> D0421 17:22:09.629455934 24866 lockfree_event.c:167] lfev_set_shutdown: 0x7fa0911b1648 curr=(nil) err={"created":"@1524356529.629415453","description":"Handshake write failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":346,"referenced_errors":[{"created":"@1524356529.629325854","description":"OS Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken pipe","syscall":"sendmsg"}]}
> D0421 17:22:09.629474573 24866 lockfree_event.c:167] lfev_set_shutdown: 0x7fa0911b1650 curr=0x2 err={"created":"@1524356529.629415453","description":"Handshake write failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":346,"referenced_errors":[{"created":"@1524356529.629325854","description":"OS Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken pipe","syscall":"sendmsg"}]}
> D0421 17:22:09.629490837 24866 combiner.c:218] C:0x7fa09105ec60 grpc_combiner_execute c=0x7fa091231c90 cov=0 last=1
> D0421 17:22:09.629500108 24866 timer_generic.c:322] TIMER 0x7fa091054980: CANCEL pending=true
> D0421 17:22:09.629506399 24866 chttp2_server.c:83] Handshaking failed: {"created":"@1524356529.629415453","description":"Handshake write failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":346,"referenced_errors":[{"created":"@1524356529.629325854","description":"OS Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken pipe","syscall":"sendmsg"}]}
>
> Is there something I am missing? (Please let me know if any other
> relevant logging/output I should include.)
>
> Thanks,
> Todd
>
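
A pre-flight check for the PEM strings that the snippets in this thread pass as pem_root_certs and in PemKeyCertPair (key first, then certificate), added here as an example; it is not code from either poster or from gRPC. The body of readSSLFile, and the helpers countPemBlocks and checkPem, are assumptions, and the check looks only at PEM framing, not at whether the CA actually issued the server certificate.

```cpp
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>

// Assumed shape of the reply's readSSLFile(); false if missing or empty.
bool readSSLFile(const std::string& path, std::string& out) {
    std::ifstream in(path, std::ios::binary);
    out.assign(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
    return !out.empty();
}

// Counts complete BEGIN/END blocks; `label` receives the first block's type.
int countPemBlocks(const std::string& pem, std::string& label) {
    const std::string begin = "-----BEGIN ", dash = "-----";
    int blocks = 0;
    std::size_t pos = 0;
    label.clear();
    while ((pos = pem.find(begin, pos)) != std::string::npos) {
        std::size_t start = pos + begin.size();
        std::size_t stop = pem.find(dash, start);
        if (stop == std::string::npos) break;
        const std::string type = pem.substr(start, stop - start);
        const std::string footer = "-----END " + type + dash;
        std::size_t end = pem.find(footer, stop);
        if (end == std::string::npos) break;  // truncated block
        if (blocks++ == 0) label = type;
        pos = end + footer.size();
    }
    return blocks;
}

// Empty string means the input looks usable; otherwise the reason it does not.
std::string checkPem(const std::string& pem, bool wantKey) {
    std::string label;
    if (pem.empty()) return "empty (file not read?)";
    if (countPemBlocks(pem, label) == 0) return "no complete PEM block";
    bool isKey = label.find("PRIVATE KEY") != std::string::npos;
    if (wantKey && !isKey) return "expected a private key, found " + label;
    if (!wantKey && label != "CERTIFICATE") return "expected a certificate, found " + label;
    return "";
}

int main() {
    // Constructed placeholders, not real key material.
    const std::string cert = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";
    const std::string key = "-----BEGIN PRIVATE KEY-----\nBBBB\n-----END PRIVATE KEY-----\n";
    std::cout << "swapped pair: " << checkPem(cert, true) << " / " << checkPem(key, false) << "\n";
}
```

Running checkPem on the root certs, the server certificate chain and the server key before building the credentials turns an unread file or a swapped key/certificate into an explicit message instead of a handshake failure in the gRPC debug log.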