The client is a Cisco device, so unfortunately I don't know exactly what it 
does.  But I did have to copy my root cert over to the client device, so 
I'm assuming it does largely what your example does.

Should I have anything set for sslOps.pem_root_certs?  Some of the examples 
appear to have something, but then others don't.  Or is that field only 
used when I am setting the SSL options for a client?

Thanks,
Todd

On Tuesday, April 24, 2018 at 12:29:10 PM UTC-7, Arpit Baldeva wrote:
>
> The code you have on server side looks correct to me (I have pretty much 
> the same code).
>
> Have you loaded the root cert for the server on the client (the CA that 
> issued the cert to the server)? On client side, code could look like:
>
>                 std::string rootCerts;
>                 readSSLFile("cacert.pem", rootCerts);
>
>                 grpc::SslCredentialsOptions sslOps;
>                 sslOps.pem_root_certs = rootCerts;
>
>                 GrpcClient grpceClient(grpc::CreateChannel(ENDPOINT_1_EXTERNAL_SECURE,
>                     grpc::SslCredentials(sslOps)));
>
> There are some details at  https://github.com/grpc/grpc/issues/9593  
>
> HTH.
>
>
>
> On Sunday, April 22, 2018 at 8:43:48 AM UTC-7, Todd Defilippi wrote:
>>
>> I am trying to get TLS authentication working for a C++ server 
>> implementation I am working on.
>>
>> The relevant code is:
>>
>>         grpc::SslServerCredentialsOptions::PemKeyCertPair keyCert
>>             = { tlsKeyContents_, tlsCertContents_ };
>>         grpc::SslServerCredentialsOptions sslOps;
>>         sslOps.pem_root_certs = "";
>>         sslOps.pem_key_cert_pairs.push_back(keyCert);
>>         builder_->AddListeningPort(addr, grpc::SslServerCredentials(sslOps));
>>
>> where tlsKeyContents_ and tlsCertContents_ are the server key and 
>> certificate, respectively.
>>
>> I seem to be unable to get the TLS handshake to work.  When I enable gRPC 
>> logging, I see:
>>
>> D0421 17:22:09.629340909   24866 tcp_posix.c:531]            write: {"created":"@1524356529.629325854","description":"OS Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken pipe","syscall":"sendmsg"}
>> D0421 17:22:09.629435059   24866 security_handshaker.c:126]  Security handshake failed: {"created":"@1524356529.629415453","description":"Handshake write failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":346,"referenced_errors":[{"created":"@1524356529.629325854","description":"OS Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken pipe","syscall":"sendmsg"}]}
>> D0421 17:22:09.629455934   24866 lockfree_event.c:167]       lfev_set_shutdown: 0x7fa0911b1648 curr=(nil) err={"created":"@1524356529.629415453","description":"Handshake write failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":346,"referenced_errors":[{"created":"@1524356529.629325854","description":"OS Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken pipe","syscall":"sendmsg"}]}
>> D0421 17:22:09.629474573   24866 lockfree_event.c:167]       lfev_set_shutdown: 0x7fa0911b1650 curr=0x2 err={"created":"@1524356529.629415453","description":"Handshake write failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":346,"referenced_errors":[{"created":"@1524356529.629325854","description":"OS Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken pipe","syscall":"sendmsg"}]}
>> D0421 17:22:09.629490837   24866 combiner.c:218]             C:0x7fa09105ec60 grpc_combiner_execute c=0x7fa091231c90 cov=0 last=1
>> D0421 17:22:09.629500108   24866 timer_generic.c:322]        TIMER 0x7fa091054980: CANCEL pending=true
>> D0421 17:22:09.629506399   24866 chttp2_server.c:83]         Handshaking failed: {"created":"@1524356529.629415453","description":"Handshake write failed","file":"src/core/lib/security/transport/security_handshaker.c","file_line":346,"referenced_errors":[{"created":"@1524356529.629325854","description":"OS Error","errno":32,"file":"src/core/lib/iomgr/tcp_posix.c","file_line":424,"grpc_status":14,"os_error":"Broken pipe","syscall":"sendmsg"}]}
>>
>> Is there something I am missing?  (Please let me know if there is any 
>> other relevant logging/output I should include.)
>>
>> Thanks,
>> Todd
>>
>
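
An added example (not code from this thread or from gRPC): a standard-library-only pre-flight check for the PEM strings handed to `grpc::SslServerCredentialsOptions::PemKeyCertPair` (field order `{private_key, cert_chain}`) and to `pem_root_certs`, so that a file path passed instead of file contents, a swapped key and certificate, or a truncated block is caught before any handshake is attempted. The helper names `pemLabels`, `onlyCerts`, `checkKeyCertPair` and `checkRootBundle` and the sample strings are constructed for illustration; the check covers PEM structure only, not signatures or trust.

```cpp
#include <string>
#include <vector>

// Collect each "-----BEGIN X-----" label; false if a BEGIN lacks its END (truncated PEM).
bool pemLabels(const std::string& pem, std::vector<std::string>& labels) {
    const std::string begin = "-----BEGIN ", dashes = "-----";
    std::size_t pos = 0;
    while ((pos = pem.find(begin, pos)) != std::string::npos) {
        std::size_t start = pos + begin.size(), stop = pem.find(dashes, start);
        if (stop == std::string::npos) return false;
        std::string label = pem.substr(start, stop - start);
        std::size_t end = pem.find("-----END " + label + dashes, stop);
        if (end == std::string::npos) return false;
        labels.push_back(label);
        pos = end + 1;
    }
    return true;
}

// True when there is at least one block and every block is a certificate.
bool onlyCerts(const std::vector<std::string>& labels) {
    for (const auto& l : labels) if (l != "CERTIFICATE") return false;
    return !labels.empty();
}

enum class PemIssue { Ok, NotPem, Malformed, KeySlotWrong, CertSlotWrong };

// Hypothetical helper: checks the strings in PemKeyCertPair order {private_key, cert_chain}.
PemIssue checkKeyCertPair(const std::string& key, const std::string& certChain) {
    std::vector<std::string> k, c;
    if (!pemLabels(key, k) || !pemLabels(certChain, c)) return PemIssue::Malformed;
    if (k.empty() || c.empty()) return PemIssue::NotPem;  // e.g. a path, not file contents
    const std::string suffix = "PRIVATE KEY";  // also matches "RSA PRIVATE KEY", "EC PRIVATE KEY"
    if (k.size() != 1 || k[0].size() < suffix.size() ||
        k[0].compare(k[0].size() - suffix.size(), suffix.size(), suffix) != 0)
        return PemIssue::KeySlotWrong;
    return onlyCerts(c) ? PemIssue::Ok : PemIssue::CertSlotWrong;
}

// A CA bundle that will actually be used for verification must hold certificates only.
bool checkRootBundle(const std::string& roots) {
    std::vector<std::string> r;
    return pemLabels(roots, r) && onlyCerts(r);
}

// Constructed sample inputs; the bodies are placeholders, not real key material.
const std::string kSampleKey = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n";
const std::string kSampleCert = "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n";

int main() { return checkKeyCertPair(kSampleKey, kSampleCert) == PemIssue::Ok ? 0 : 1; }
```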
