Srini, thanks for the reply. I tried again with the latest changes and it works!
On Tuesday, February 5, 2019 at 4:01:54 PM UTC-8, [email protected] wrote: > > Hello, > > > We are currently facing an issue with trying to connect our PHP gRPC > client with SSL to our Java gRPC server. The gRPC service we are trying to > connect to is running on a service mesh (linkerd/namerd), and the call > first hits a linkerd instance that routes to the service. > > > When we run a Java client using the trusted certificate, it is able to > connect to the server; however, with a Python and PHP client, the SSL > connection fails even with the same cert. > > > Java client code: > > > ManagedChannel channel = NettyChannelBuilder.forAddress(host, port) > .overrideAuthority(‘cert- > common-name’) > .sslContext(GrpcSslContexts. > forClient().trustManager(new File(‘path/to/cert’)).build()) > .build(); > > > > Python code: > > > credentials = grpc.ssl_channel_credentials(open(‘path/to/cert’).read()) > channel = grpc.secure_channel(host + str(port), credentials, options=(( > 'grpc.default_authority', ‘cert-common-name’,),)) > > > > PHP code: > > > > $channel_credentials = \Grpc\ChannelCredentials::createSsl( > file_get_contents(‘path/to/cert’)); > $channel = new \Grpc\Channel($hostname, > [ > 'grpc_target_persist_bound' => 2, > 'grpc.default_authority' => ‘cert-common-name’, > 'credentials' => $channel_credentials > ]); > > > > We are interested in fixing the problem for PHP at the moment. Our PHP > client runs in a CentOS 7 docker container with nginx + php-fpm. > > > We have tried to make the OS trust the certificate by using > update-ca-trust. Running *openssl s_client -connect host:port* returns: > >> >> verify error:num=2:unable to get issuer certificate > > > We receive the following error when calling the server with the created > client for PHP: > > > ssl_transport_security.cc:1229] Handshake failed with fatal error >> SSL_ERROR_SSL: error:1000007d:SSL >> routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED > > > With the gRPC logs, we can see that the connection fails when it tries to > call the security handshake. > > > We are not sure why the Java client is able to connect to the server while > the PHP and Python clients cannot with the same cert. > > > Has anyone ran into these issues before? It would be helpful if anyone has > some information on this as this is currently a high priority blocker for > us. > > > Thank you. > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/a7ec1715-0e8f-4e3e-b257-42af122ffdee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
