Thanks David, I have switched my iOS code to calling setTLSPEMRootCerts( certStringData, forHost: myHostName). From what I can see everything is set up correctly.
But I get:

E0423 16:45:55.527496000 123145544478720 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
E0423 16:46:00.529906000 123145543942144 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
E0423 16:46:05.530279000 123145544478720 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
E0423 16:46:10.533879000 123145543942144 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
E0423 16:46:15.537614000 123145543942144 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
E0423 16:46:25.543934000 123145543942144 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
E0423 16:46:40.549839000 123145544478720 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.

On Monday, April 22, 2019 at 5:04:04 PM UTC-4, David Cowden wrote:
>
> grpc bundles openssl (boringssl) and ships with its own roots.pem. It does
> not use the system store on iOS. You can either manually add your CA
> certificate to that file at `pod install`/`pod update` time or, preferably,
> configure grpc to use your in-house CA when you create the GRPCCall via
> https://github.com/grpc/grpc/blob/36b47ce0de60754cf14258e15d25dd2d1bb5abe0/src/objective-c/GRPCClient/GRPCCall%2BChannelCredentials.h#L24
>
> GRPC_TRACE=all will surface some errors that you can use. They show up in
> the log in Xcode if you have All Output selected.
>
> David
>
> On Mon, Apr 22, 2019 at 1:36 PM Rob Cecil <[email protected]> wrote:
>
>> I have an existing implementation of a c#-based Grpc server (running on
>> Windows 10 Server), and iOS/Objc-based grpc client and I can successfully
>> connect, login, make calls, etc. My issue is switching from nonsecure to
>> SSL, using the same network Name & port, etc.
>>
>> I'm using self-signed server certificates, and I distribute the CA Cert
>> that I created for my org to the test iOS device (via email) and install
>> the Profile and make sure it is valid and activated in iOS Settings.
>>
>> When I enable SSL in the client and server, I cannot connect. There is no
>> discernible error on either side. The connect aborts right away.
>>
>> I am following roughly the same steps here to initialize and start the C#
>> Server:
>>
>> https://stackoverflow.com/questions/37714558/how-to-enable-server-side-ssl-for-grpc
>>
>> Here's my relevant code snippet:
>>
>>     ServerCredentials credentials = ServerCredentials.Insecure;
>>     if (cfg.UseSSL)
>>     {
>>         var cacert = File.ReadAllText(cfg.CACertLocation);
>>         var servercert = File.ReadAllText(cfg.ServerCertLocation);
>>         var serverkey = File.ReadAllText(cfg.ServerKeyLocation);
>>         var keypair = new KeyCertificatePair(servercert, serverkey);
>>         credentials = new SslServerCredentials(new List<KeyCertificatePair> { keypair }, cacert, false);
>>     }
>>
>>     var server = new Server
>>     {
>>         Services =
>>         {
>>             BackendService.BindService(wanderBackendServiceImpl),
>>             ManagementService.BindService(management)
>>         },
>>         Ports = { { hostAddress, port, credentials } }
>>     };
>>
>>     server.Start();
>>
>> On the iOS side, it is simply a matter of not turning on Insecure mode on
>> the relevant Grpc class (i.e. by default SSL is enabled).
>>
>> I am not using Mutual SSL/TLS - the client should just attempt to
>> validate the server certificate using CA cert it has been signed with (both
>> server & CA are created internally at my org).
>>
>> How do I diagnose my problem? I've been looking at:
>>
>> https://github.com/grpc/grpc/blob/master/TROUBLESHOOTING.md
>>
>> But I am not sure where such log information would be by default
>> generated. Event Log?
>>
>> Thanks!
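
A check that fits the WRONG_VERSION_NUMBER log lines above, added here as an example and not code from the thread or from gRPC: the error is raised when the bytes read in place of a TLS record header do not carry a TLS version, which commonly means the port answered in cleartext. The sample replies are constructed, and `classify_first_bytes`, `first_bytes` and `classify_samples` are names chosen for this example.

```python
import socket
import struct

TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data
# Cleartext HTTP/2 client preface followed by an empty SETTINGS frame.
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" + b"\x00\x00\x00\x04\x00\x00\x00\x00\x00"

def classify_first_bytes(data: bytes) -> str:
    """Say which protocol the first bytes of a server reply belong to."""
    if len(data) < 5:
        return "too-short"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # TLS record header: type(1) version(2) length(2); the major version is always 3.
    if ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4 and length <= 2**14 + 2048:
        return "tls"
    # HTTP/2 frame header: length(3) type(1) flags(1) stream id(4).
    # A cleartext HTTP/2 server opens with a SETTINGS frame (type 4) on stream 0.
    if len(data) >= 9:
        frame_len = int.from_bytes(data[:3], "big")
        stream_id = int.from_bytes(data[5:9], "big") & 0x7FFFFFFF
        if data[3] == 0x04 and stream_id == 0 and frame_len % 6 == 0:
            return "plaintext-http2"
    if data.startswith(b"HTTP/"):
        return "plaintext-http1"
    return "unknown"

def first_bytes(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Send the cleartext HTTP/2 preface; return the server's first bytes (b'' if none)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(H2_PREFACE)
        try:
            return sock.recv(64)
        except (socket.timeout, ConnectionError):
            return b""

# Constructed sample replies (not captured from the poster's server).
SAMPLES = {
    "tls_server_hello": bytes.fromhex("160303007a02000076"),
    "tls_alert": bytes.fromhex("15030300020246"),
    "h2_settings": bytes.fromhex("000006040000000000000300000064"),
    "http1_error": b"HTTP/1.1 400 Bad Request\r\n",
}

def classify_samples() -> dict:
    return {name: classify_first_bytes(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name}: {verdict}")
```

Against a server you operate, pass the result of `first_bytes(host, port)` to `classify_first_bytes`; a `plaintext-http2` verdict means the listener on that port answered without TLS.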
