The client is a Cisco device, so unfortunately I don't know exactly what it does. But I did have to copy my root cert over to the client device, so I'm assuming it does largely what your example does.
Should I have anything set for sslOps.pem_root_certs? Some of the examples appear to have something, but then others don't. Or is that field only used when I am setting the SSL options for a client? Thanks, Todd On Tuesday, April 24, 2018 at 12:29:10 PM UTC-7, Arpit Baldeva wrote: > > The code you have on server side looks correct to me(I have pretty much > the same code). > > Have you loaded the root cert for the server on the client (the CA that > issued the cert to the server)? On client side, code could look like: > > std::string rootCerts; > readSSLFile("cacert.pem", rootCerts); > > grpc::SslCredentialsOptions sslOps; > sslOps.pem_root_certs = rootCerts; > > GrpcClient > grpceClient(grpc::CreateChannel(ENDPOINT_1_EXTERNAL_SECURE, > grpc::SslCredentials(sslOps))); > > There are some details at https://github.com/grpc/grpc/issues/9593 > > HTH. > > > > On Sunday, April 22, 2018 at 8:43:48 AM UTC-7, Todd Defilippi wrote: >> >> I am trying to get TLS authentication working for a C++ server >> implementation I am working on. >> >> The relevant code is: >> >> grpc::SslServerCredentialsOptions::PemKeyCertPair keyCert >> = { tlsKeyContents_, tlsCertContents_ }; >> grpc::SslServerCredentialsOptions sslOps; >> sslOps.pem_root_certs = ""; >> sslOps.pem_key_cert_pairs.push_back(keyCert); >> builder_->AddListeningPort(addr, >> grpc::SslServerCredentials(sslOps)); >> >> where tlsKeyContents_ and tlsCertContents_ are the server key and >> certifiticate, respectively. >> >> I seem to be unable to get the TLS handshake to work. When I enable gRPC >> logging, I see: >> >> D0421 17:22:09.629340909 24866 tcp_posix.c:531] write: >> {"created":"@1524356529.629325854","description":"OS >> Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken >> >> pipe","syscall":"sendmsg"} >> D0421 17:22:09.629435059 24866 security_handshaker.c:126] Security >> handshake failed: >> {"created":"@1524356529.629415453","description":"Handshake write >> failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":346,"referenced_errors":[{"created":"@1524356529.629325854","description":"OS >> >> Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken >> >> pipe","syscall":"sendmsg"}]} >> D0421 17:22:09.629455934 24866 lockfree_event.c:167] >> lfev_set_shutdown: 0x7fa0911b1648 curr=(nil) >> err={"created":"@1524356529.629415453","description":"Handshake write >> failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":346,"referenced_errors":[{"created":"@1524356529.629325854","description":"OS >> >> Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken >> >> pipe","syscall":"sendmsg"}]} >> D0421 17:22:09.629474573 24866 lockfree_event.c:167] >> lfev_set_shutdown: 0x7fa0911b1650 curr=0x2 >> err={"created":"@1524356529.629415453","description":"Handshake write >> failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":346,"referenced_errors":[{"created":"@1524356529.629325854","description":"OS >> >> Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken >> >> pipe","syscall":"sendmsg"}]} >> D0421 17:22:09.629490837 24866 combiner.c:218] >> C:0x7fa09105ec60 grpc_combiner_execute c=0x7fa091231c90 cov=0 last=1 >> D0421 17:22:09.629500108 24866 timer_generic.c:322] TIMER >> 0x7fa091054980: CANCEL pending=true >> D0421 17:22:09.629506399 24866 chttp2_server.c:83] Handshaking >> failed: {"created":"@1524356529.629415453","description":"Handshake write >> failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":346,"referenced_errors":[{"created":"@1524356529.629325854","description":"OS >> >> Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken >> >> pipe","syscall":"sendmsg"}]} >> >> Is there something I am missing? (Please let me know if any other >> relevant logging/output I should include.) >> >> Thanks, >> Todd >> > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/21ee6dce-5882-483a-bd12-20d70733e380%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.