Thanks. I have recreated the certificates and the handshake pass successfully
On Wednesday, October 17, 2018 at 5:13:38 PM UTC+3, [email protected] wrote: > > Hi, > I am trying to setup a gRPC client and server example on WSL with SSL > (server authentication only) > > I created the following files (following this tutorial: > https://jsherz.com/grpc/node/nodejs/mutual/authentication/ssl/2017/10/27/grpc-node-with-mutual-auth.html > ) > > *my_root_cert.crt* > -----BEGIN CERTIFICATE----- > MIIEgDCCAmigAwIBAgIQBSsnVXC24hhmdgVV6NlFXzANBgkqhkiG9w0BAQsFADA3 > MRcwFQYDVQQKEw5FbnJpY2htZW50IEluYzEcMBoGA1UEAxMTRW5yaWNobWVudCBz > ZXJ2aWNlczAeFw0xODEwMTcwODE2MjVaFw0yMDA0MTcwODEwMTFaMCUxIzAhBgNV > BAMTGkxULTgyMDRQVC5jZWxsZWJyaXRlLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEF > AAOCAQ8AMIIBCgKCAQEAuk+HpXl6WE7oYm+AfgRqPWDc4MWCErax7LmFXXQXuh9x > a6Rv7fa/Vu7v31mQhdrFIcQu8DW/4q9jkGTYp4mUsmA7TapWhWDtN1GCr+gHeUYN > oFwXP3pki9BWWCR4lrCNeInSpDzTn71eymyfItUcWYHWcm4uM/hQ03/KpXtDzdHr > IQPDH6QmNFi8ulfyv6Urr/DOC9QHazgYnShHPJMEnUXv05vP0lAT30qR/9yaTcke > XI+332G+38iivLNp1ESWh+u+uMm1Yf/cz/Ai1rCPdTct/br1bl2LWm1vz6vI176W > 93oHCOOcAW+/Hf/11F/KvtlVBoZ0Tl6e7d++tDnG9wIDAQABo4GZMIGWMA4GA1Ud > DwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0O > BBYEFP/stlJSMQ0Pf1I8RFZ9jMNFqbmlMB8GA1UdIwQYMBaAFMKTZ5z5ZU9uSurP > Lqi1Yfnfi4gfMCUGA1UdEQQeMByCGkxULTgyMDRQVC5jZWxsZWJyaXRlLmxvY2Fs > MA0GCSqGSIb3DQEBCwUAA4ICAQAEdZ5+RvPfg46DypZx3pctlWa4r2yFln8gzwyW > Xq6VaK29jkFNlbchOXkFrhtOWIskZLmmNhLOCWHDgvleclt96kHxjr4tAC8S6rRb > sjTSnhkIFOQYSGvBDTTuvNb371zl5kXlnCFntvpOh4PxTmzlyb1TdnZXUYWSDuDl > eL5KBeFCoZhzsohZB+LTsOeRfYR86koMSpZKZcg5NxQfjdni7WMPti956jITOKm/ > FVh57HWMZWe587gtvK9Ntm29j4uiX6skpgprHgHwzBnfYIiyCWRneu2IZ7oJjeU1 > s+IsskYpNLx/9tyV3PHcbcslvxDsV8SntW6Ds5kIc/qtgBqv2cmAc4fECTEJdJLP > 7aMBhq3nKTEQoogy0VgNUKrQG66y0x467epiHtMO6doxCEt0wcvH/Z4ou4Vm9MtL > dXpJ4a60Vqpd1Da3WuyNFP0YeINeDjgREJHEIkdwpbm86RkxgZtQM2C7lsB3A4rg > H2ql7nvx3YXQOqcdWk+OwB6f70nvEm8Ph1U/qeLPchB4YnzQ670nDRjY4boKaZ1g > hZKdD/J6j9Aua7F2NhCvzFlgKEALZbhPzzy+XwYZWf+oF2OB+rVA462g6ULWplkd > 70Nb+hecRqp8y4D1qn1bcZftfsAxhv73Myb+fwUBnhWNKTFpW5HSTZYY0qx5zOf1 > rlGphw== > -----END CERTIFICATE----- > > *my_private.key (private_key)* > -----BEGIN RSA PRIVATE KEY----- > MIIJKQIBAAKCAgEAzcgKxU9Xss9Lup0atVdCrRAn/W/mAyVpSZrlRWdO9/Rk4GuN > MehNNaCUrux+UQ8kUJn8S9+PBHW1SSG/IkRazfnk9Y9ThlIQiU3PNVbY9cHwXwf1 > kTtMe7jo58B1vY4MM4Llu311WQ74ru4voElyupZh7m8wlbEIhqNZAuZ2733wgntv > kX0EXVb1wKdnQDCX+aDwti6KEIyI04dMdlpJ+cwkJnXTErwCdePF26lx8Lw3SNji > WLiiQJewBJQ5qDmeOL/5dDXu4cf/6kp/wPrQaKUEAtw8gK90QJJR9trO2GiWalhI > b+oHA+eLsOultqk3ZlQ0l84QKtwUkDnPpR4PK5yI+ykBZXSuFX0eyM0vOIf65I3e > UxIfKGm3f4Xh0gn2hRCFvVQ/wNUdsTi+itn9JipzzPK/OtI7+pkLi/mEdb6uD+50 > 9Y/icnVope3KNsYqAfg0KNiv5l5gBzEISvRbwm4IEQ/4QjyBAPac19LoI1scECv4 > imyD/R3/7bxdbsTPJwg+wdyevGB1SU0D2DtopM8qR62lqzcJLaeZXIq1U5TYqwFu > CsEjs8ZKiTe+2NiFpCFvPtZha4ulUt2sdk8h/d07VZW92i1EnkeKyRTVo0TLkU0m > v46/bFH5VkoruAJFsuNPucdK35s6yPFgH2/Xtql7VL3ZRNGapjsukf6uHPUCAwEA > AQKCAgEAnKKhODE9wvixXxnIw7HpKcx7dBkhztFCRGmoDN0nKewYgQ68yflWE/To > WAHh4JeS/9tGRQalWTKzzDfowg+fwtttYVE4taxvs+PLToGN4fs+mUd4r5Sgkihc > +FLyDFg8h1Uiw0Uq9qBDwPvCutJNhyOC5bgzFi5MHBfoYCHG9GM7mEaW1PqBQP85 > Tuzd1elnNPdBYpsoMpKWb9Sz6f6uAntWJQRYpxD/GndHGv3uodzShBu6pufbcSlF > LScagCdjfTT7j26iJ7BR5yfP+LexvYWl+Ptk/lsPNTtrMmi5O9bYb5hFgxJzRpCQ > Lxof6FsDtVtxMQAEJGujJ2kp2jh4OE630b/yrHdhfXiBCnvnaZZatr8x5QwTS7d8 > 6AF2/CGmbnKe5CfJ4ry99EQrIhUNk19l+De2lk5hDHldm+8A5zJVKzPEcj7wU/sC > jXDS3orDcECBr2bqWp0pLHPy+SQcerPsnpD+1pxsPPuJhOdpLRTNk99umhojiWdw > i17EjR9qKE1aFSfBCu7DloVD0bF9+nDLmVT2P9oZAchRI8Qd/o93K+FUTKpbybyQ > D7YVb3CDnshtCV2DfyeVibVnoJOdEuY72/KF5qbphBpH/NSL5RgJ90n3Xo+x8qyd > 2GjapwdOYRSWuJRaqlD4pPeWRs/A5NXSJi9cfGoRL5aW+T18feECggEBANV3xf9a > kFsoms10Sg+OSU15mhcvPkLkqnMiiqjGGWtjGT9H5PuFjTvBY36f0rlWADLvSPyz > oNuV3JaMhAFpjYUQzFXOtbm/CejjzQdn8ZLW6WtMA4e8buy/w9Xek0XgZXsvNAg1 > U2OWKXH0qUN0GtVc2smo6dy+uy6L7LkNc+QDWopBzDdZf8r/k1dRI7iU5zSo/Bo6 > f04d3AYf5QGTmBosJYkXppzk/TRc7/O7jjr5Ta0zF3lE9sdSsdrCCNFb5jgJafuu > 8Is5li49jbQ2IxXgPVvHqVW4RebcV6IcXavmNnUUYENDr7bLqAWdsKhu7kF0L3f7 > FyHJrMHvjzwbqskCggEBAPbINeMx6uTpDrktf/O+ecsmBB9Y+9k6hh5mxdq/aZDd > rYeiZ2hSm7haZQEXPa04S0Z0CgqWw/ucCgOdUUdprzWiomGKcKdBn/cro4mauoFQ > DXs9BBhQBWRbNNe9jIR9g6aOW3wsoS+4+qwU/98fxD0g5jHznclge0c7ny8LygYF > T/dhAv/XM79zX9Vdr88H69ELsGRzC28bOECYwU8kxFL109CSoNjxljj0NlGSARUC > 2ZzIQ2lMxhRzy1a7U/7KA/vYw7sY+vbLQOYPZ0WqxvIwbltJ2URSBrylCel9ehKa > /hIDrIMSgnBx/hHWE0IaGqkNlgLJYWMJTD2QxYPGis0CggEAcRwj9+he8U6UqCTk > UVXNlZXHhl1sGjnb72HwIvnE4lgCOru3o2birTUNqTy6haYCOPr9q5jqtS+1ULho > Ae+SI14BR75eIGwPri12qGP1Zx8lU8tVW4kHJb9+30Yutynt29XpNig7ZVtd3poL > TkipJ0EqVQyBzovp1wIhjvSH4du9D+FJelKcGk5OHkhKKzYLRKX930/7wMKloUEp > MSqpv8SApyG3EQ9s82ADbRyGgs0y0YFvAL0AHiG9R/LkhTqyxCKI2+mYX81FvH61 > JTZCZQcKvCURnvAjae57KNTq9XjohiUj1MB6zNsgzsj9oGIXMOuFc4fCfA7G0YRE > W081sQKCAQAnTQkv7nIvFGKQ4QsggTQaQyqi52PsW2KiktFtndAtDvCkyhtXxNgh > ytuNCet7m5x5Ut+Kgioh9t6tZq9cBRuvGgBsMkTwjgXwshVwQ6DyGRKcjsIJMS06 > pz/KH9ix/N8rdj5hjyX4WKgrIYkCOqfg6E1gpSB6wo+/b2JRdrosrUnn5p44qkgG > dFRNwYbPHL7UYt0rkhq/DgGuX+VhOkS9xYJ/E+rjwc2fsly4Lt1XQEXxrv71VRGy > jiJS5LBiwj9SK1o4gKjvBr2GJevXb3QRe98HUMJ2G+4QuuPSOHZpYh+WNNmTYi49 > xBmnM4WLoGagh5ZdST7mK8Plhhm+e679AoIBAQCFZY8hDyEemsHqnzPlkuvG+bBD > RD5QJ9epemDYm78SzDXZ2L1y+luNZVE0XlqXyEXe6z5qcZfa+o7BOLZIXH7qASXf > pGewHjcfPAzWpgYCNCkADbDtLWAhFg3fotGvRYj5n0cqVAmGqZBGsva4mEHA7jn5 > /ra+FPZgKB1UapLrQ9ZxYPNZ9kD3UavTr8U+uWNV1PnOXSyjREyT9LO5N4HJQBEt > IbYf2GHcpAmghq5nxvPTGi9kwhjBhmjyYskMI+yAbWmqBpZ3+2n5Sx9fCnRyQlBx > emU9U0u2Q4S9m58SQAS8nso0WEO1qTR2bAwKTTSROqKeP0SPiLftRMJL8Hnu > -----END RSA PRIVATE KEY----- > > *my_crt.crt (cert_chain)* > -----BEGIN CERTIFICATE----- > MIIFLjCCAxagAwIBAgIBATANBgkqhkiG9w0BAQsFADA3MRcwFQYDVQQKEw5FbnJp > Y2htZW50IEluYzEcMBoGA1UEAxMTRW5yaWNobWVudCBzZXJ2aWNlczAeFw0xODEw > MTcwODEwMTJaFw0yMDA0MTcwODEwMTJaMDcxFzAVBgNVBAoTDkVucmljaG1lbnQg > SW5jMRwwGgYDVQQDExNFbnJpY2htZW50IHNlcnZpY2VzMIICIjANBgkqhkiG9w0B > AQEFAAOCAg8AMIICCgKCAgEAzcgKxU9Xss9Lup0atVdCrRAn/W/mAyVpSZrlRWdO > 9/Rk4GuNMehNNaCUrux+UQ8kUJn8S9+PBHW1SSG/IkRazfnk9Y9ThlIQiU3PNVbY > 9cHwXwf1kTtMe7jo58B1vY4MM4Llu311WQ74ru4voElyupZh7m8wlbEIhqNZAuZ2 > 733wgntvkX0EXVb1wKdnQDCX+aDwti6KEIyI04dMdlpJ+cwkJnXTErwCdePF26lx > 8Lw3SNjiWLiiQJewBJQ5qDmeOL/5dDXu4cf/6kp/wPrQaKUEAtw8gK90QJJR9trO > 2GiWalhIb+oHA+eLsOultqk3ZlQ0l84QKtwUkDnPpR4PK5yI+ykBZXSuFX0eyM0v > OIf65I3eUxIfKGm3f4Xh0gn2hRCFvVQ/wNUdsTi+itn9JipzzPK/OtI7+pkLi/mE > db6uD+509Y/icnVope3KNsYqAfg0KNiv5l5gBzEISvRbwm4IEQ/4QjyBAPac19Lo > I1scECv4imyD/R3/7bxdbsTPJwg+wdyevGB1SU0D2DtopM8qR62lqzcJLaeZXIq1 > U5TYqwFuCsEjs8ZKiTe+2NiFpCFvPtZha4ulUt2sdk8h/d07VZW92i1EnkeKyRTV > o0TLkU0mv46/bFH5VkoruAJFsuNPucdK35s6yPFgH2/Xtql7VL3ZRNGapjsukf6u > HPUCAwEAAaNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAw > HQYDVR0OBBYEFMKTZ5z5ZU9uSurPLqi1Yfnfi4gfMA0GCSqGSIb3DQEBCwUAA4IC > AQCZicw1L1DK5OEBofVSTKXdAWZnCzVguFl0veNeIk6kvXZjoRB70tssUAOA374O > rIcPq0XXw0kO26m51pnEK2LK4iBlmY4bGWxVNnyh860bzISUunSA1Bw95rSU366V > 1+hVo8sESnJdq6B/miQwsasF0Bd8EDvN9LRFgnw5ModsjRK9soz2BQLPd1row7Gy > lh73OEaKvNmcqN8mygC7uPVztQvbNM7Wb/oIpNIhVvgVqs0j0Yhbn693Ig7k/uuD > zJCF0O34AMbMoHDAdigDyymdcR+TJtroaTnM7w6wquVQIWzGmmY3ix3TUD5YBCWV > 7xVY7X4kXKAkHc/hodA1DH9xgpJyW5Dc7TtDajPPYsOuxFZGJXtdOaIIiL7KbVU8 > Y8oeQi5OPNsouqXBm4i6r5t0BjNx5zRIgvNioKpgdcQsSQvlWLqDfCiOoQgcB/E+ > 1ZR5SH9SLMH+2CSRnCui1TyxJW4yTzVCOkQEWSa1u/67uuzg1y6ouqk3kZGP6Wwg > t3qdFM9sD0Pl/C4qVc9iqdyqIMXSDD4pOLEqyZ7J6V7yg4JCI7gRktGPpcqoHD29 > 78+nsmYxgbdDQ8YxV+UKNxP9ocWYmjh0RMTAvO9J71gVNY4GzWLytKqfci2hb3+v > /vxB0XOqSX7RrmN6eryAHgwFtbTp13SZDAtMxxwbYQYH6Q== > -----END CERTIFICATE----- > > And I use them as follows: > > *Server Code* > server.bind('0.0.0.0:50051', grpc.ServerCredentials.createSsl( > Buffer.from(fs.readFileSync(my_root_cert.crt"))), > [{ > private_key: Buffer.from(fs.readFileSync(my_private.key"))), > cert_chain: Buffer.from(fs.readFileSync(my_crt.crt"))) > }], > false)); > server.start(); > > *Client Code* > var client = new hello_proto.Greeter('localhost:50051', grpc.credentials. > createSsl( > Buffer.from(fs.readFileSync(my_root_cert.crt"))) > )); > > *Result running the client* > E1017 16:17:10.176686000 11891 ssl_transport_security.cc:1229] Handshake > failed with fatal error SSL_ERROR_SSL: error:14090086:SSL > routines:ssl3_get_server_certificate:certificate verify failed. > > *Server error after client made the request* > I1017 17:06:18.330876700 11925 tcp_custom.cc:217] write > complete on 0x2d90750: error="No Error" > I1017 17:06:18.331029000 11925 resource_quota.cc:873] RQ > anonymous_pool_2d8e8d0 ipv4:127.0.0.1:60074: alloc 8192; free_pool -> 0 > I1017 17:06:18.331222900 11925 tcp_custom.cc:174] TCP:0x2d90750 > read_allocation_done: "No Error" > I1017 17:06:18.331411000 11925 tcp_custom.cc:191] Initiating > read on 0x2d90750: error="No Error" > I1017 17:06:18.331593800 11925 completion_queue.cc:954] > grpc_completion_queue_next(cq=0x2d9d220, deadline=gpr_timespec { tv_sec: > -9223372036854775808, tv_nsec: 0, clock_type: 0 }, reserved=(nil)) > I1017 17:06:18.331740200 11925 completion_queue.cc:1054] > RETURN_EVENT[0x2d9d220]: QUEUE_TIMEOUT > I1017 17:06:18.332470400 11925 resource_quota.cc:896] RQ > anonymous_pool_2d8e8d0 ipv4:127.0.0.1:60074: free 8192; free_pool -> 8192 > I1017 17:06:18.332555800 11925 tcp_custom.cc:128] TCP:0x2d90750 > call_cb 0x2dce3c0 0x7f5d07b63a30:0x2dce1f0 > I1017 17:06:18.332633300 11925 tcp_custom.cc:132] read: > error={"created":"@1539785178.332456900","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":107} > D1017 17:06:18.332712400 11925 security_handshaker.cc:129] Security > handshake failed: > {"created":"@1539785178.332702700","description":"Handshake read > failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":321,"referenced_errors":[{"created":"@1539785178.332456900","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":107}]} > I1017 17:06:18.332782200 11925 tcp_custom.cc:286] TCP 0x2d90750 > shutdown why={"created":"@1539785178.332702700","description":"Handshake > read > failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":321,"referenced_errors":[{"created":"@1539785178.332456900","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":107}]} > I1017 17:06:18.332864100 11925 handshaker.cc:212] > handshake_manager 0x2d92650: > error={"created":"@1539785178.332702700","description":"Handshake read > failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":321,"referenced_errors":[{"created":"@1539785178.332456900","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":107}]} > > shutdown=0 index=1, args={endpoint=(nil), args=(nil) {size=0: (null)}, > read_buffer=(nil) (length=0), exit_early=0} > I1017 17:06:18.333795500 11925 handshaker.cc:245] > handshake_manager 0x2d92650: handshaking complete -- scheduling > on_handshake_done with > error={"created":"@1539785178.332702700","description":"Handshake read > failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":321,"referenced_errors":[{"created":"@1539785178.332456900","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":107}]} > D1017 17:06:18.333917300 11925 chttp2_server.cc:113] Handshaking > failed: {"created":"@1539785178.332702700","description":"Handshake read > failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":321,"referenced_errors":[{"created":"@1539785178.332456900","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":107}]} > I1017 17:06:18.334201900 11925 resource_quota.cc:532] RU shutdown > 0x2d916c0 > I1017 17:06:18.334281900 11925 completion_queue.cc:954] > grpc_completion_queue_next(cq=0x2d9d220, deadline=gpr_timespec { tv_sec: > -9223372036854775808, tv_nsec: 0, clock_type: 0 }, reserved=(nil)) > I1017 17:06:18.334347300 11925 completion_queue.cc:1054] > RETURN_EVENT[0x2d9d220]: QUEUE_TIMEOUT > > *Any idea why the handshake fails?* > > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/84b3c71b-2151-4add-a3b9-ee0fb8afc84b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
