Thanks David. It turned out I was still using an IP address after I reset some UI state when I thought I was using a hostname for the server.
THANKS

On Wednesday, April 24, 2019 at 1:19:09 PM UTC-4, David Cowden wrote:
>
> Have you seen: https://github.com/grpc/grpc/issues/9538? Make sure you're
> using a secure channel on the client. If you believe you are, perhaps
> double check that the CA data you're giving setTLSPEMroots is PEM-formatted
> DER-encoded pkcs12. If openssl does not understand the data perhaps the
> channel is acting like an insecure one?
>
> David
>
> On Tue, Apr 23, 2019 at 2:01 PM Rob Cecil <[email protected]> wrote:
>
>> On the server I am using Grpc 1.19. Not sure that could cause the
>> handshake issue.
>>
>> On Tuesday, April 23, 2019 at 4:58:31 PM UTC-4, Rob Cecil wrote:
>>>
>>> Using on iOS: gRPC version 1.18.0, ProtoCompiler 3.6.0, BoringSSL-GRPC
>>> 0.0.2
>>>
>>> On Tuesday, April 23, 2019 at 4:49:32 PM UTC-4, Rob Cecil wrote:
>>>>
>>>> Thanks David,
>>>>
>>>> I switched my iOS code to calling setTLSPEMRootCerts(
>>>> certStringData, forHost: myHostName). From what I can see everything is
>>>> set up correctly.
>>>>
>>>> But I get:
>>>>
>>>> E0423 16:45:55.527496000 123145544478720 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
>>>>
>>>> E0423 16:46:00.529906000 123145543942144 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
>>>>
>>>> E0423 16:46:05.530279000 123145544478720 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
>>>>
>>>> E0423 16:46:10.533879000 123145543942144 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
>>>>
>>>> E0423 16:46:15.537614000 123145543942144 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
>>>>
>>>> E0423 16:46:25.543934000 123145543942144 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
>>>>
>>>> E0423 16:46:40.549839000 123145544478720 ssl_transport_security.cc:1233] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
>>>>
>>>> On Monday, April 22, 2019 at 5:04:04 PM UTC-4, David Cowden wrote:
>>>>>
>>>>> grpc bundles openssl (boringssl) and ships with its own roots.pem. It
>>>>> does not use the system store on iOS. You can either manually add your CA
>>>>> certificate to that file at `pod install`/`pod update` time or,
>>>>> preferably, configure grpc to use your in-house CA when you create the
>>>>> GRPCCall via
>>>>> https://github.com/grpc/grpc/blob/36b47ce0de60754cf14258e15d25dd2d1bb5abe0/src/objective-c/GRPCClient/GRPCCall%2BChannelCredentials.h#L24
>>>>>
>>>>> GRPC_TRACE=all will surface some errors that you can use. They show up
>>>>> in the log in Xcode if you have All Output selected.
>>>>>
>>>>> David
>>>>>
>>>>> On Mon, Apr 22, 2019 at 1:36 PM Rob Cecil <[email protected]> wrote:
>>>>>
>>>>>> I have an existing implementation of a c#-based Grpc server (running
>>>>>> on Windows 10 Server), and iOS/Objc-based grpc client and I can
>>>>>> successfully connect, login, make calls, etc. My issue is switching from
>>>>>> nonsecure to SSL, using the same network Name & port, etc.
>>>>>>
>>>>>> I'm using self-signed server certificates, and I distribute the CA
>>>>>> Cert that I created for my org to the test iOS device (via email) and
>>>>>> install the Profile and make sure it is valid and activated in iOS
>>>>>> Settings.
>>>>>>
>>>>>> When I enable SSL in the client and server, I cannot connect. There
>>>>>> is no discernable error on either side. The connect aborts right away.
>>>>>>
>>>>>> I am following roughly the same steps here to initialize and start
>>>>>> the C# Server:
>>>>>>
>>>>>> https://stackoverflow.com/questions/37714558/how-to-enable-server-side-ssl-for-grpc
>>>>>>
>>>>>> Here's my relevant code snippet:
>>>>>>
>>>>>>     // Default to plaintext; switch to TLS only when configured.
>>>>>>     ServerCredentials credentials = ServerCredentials.Insecure;
>>>>>>     if (cfg.UseSSL)
>>>>>>     {
>>>>>>         var cacert = File.ReadAllText(cfg.CACertLocation);
>>>>>>         var servercert = File.ReadAllText(cfg.ServerCertLocation);
>>>>>>         var serverkey = File.ReadAllText(cfg.ServerKeyLocation);
>>>>>>         var keypair = new KeyCertificatePair(servercert, serverkey);
>>>>>>         // Last argument false: client certificates are not required.
>>>>>>         credentials = new SslServerCredentials(
>>>>>>             new List<KeyCertificatePair> { keypair }, cacert, false);
>>>>>>     }
>>>>>>
>>>>>>     var server = new Server
>>>>>>     {
>>>>>>         Services =
>>>>>>         {
>>>>>>             BackendService.BindService(wanderBackendServiceImpl),
>>>>>>             ManagementService.BindService(management)
>>>>>>         },
>>>>>>         Ports = { { hostAddress, port, credentials } }
>>>>>>     };
>>>>>>
>>>>>>     server.Start();
>>>>>>
>>>>>> On the iOS side, it is simply a matter of not turning on Insecure mode
>>>>>> on the relevant Grpc class (i.e. by default SSL is enabled).
>>>>>>
>>>>>> I am not using Mutual SSL/TLS - the client should just attempt to
>>>>>> validate the server certificate using CA cert it has been signed with
>>>>>> (both server & CA are created internally at my org).
>>>>>>
>>>>>> How do I diagnose my problem? I've been looking at:
>>>>>>
>>>>>> https://github.com/grpc/grpc/blob/master/TROUBLESHOOTING.md
>>>>>>
>>>>>> But I am not sure where such log information would be by default
>>>>>> generated. Event Log?
>>>>>>
>>>>>> Thanks!
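Added example, not part of the thread or of gRPC: BoringSSL and OpenSSL report `WRONG_VERSION_NUMBER` when the first bytes from the peer do not parse as a TLS record, which is what a TLS client sees when the port answers in cleartext HTTP/2. The Python below reads a server's first bytes both ways; the function names and the sample byte strings are constructed for illustration.

```python
import socket
import struct

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

# Constructed samples of the first bytes a server might send.
SAMPLE_H2_SETTINGS = bytes.fromhex("000000040000000000")         # empty HTTP/2 SETTINGS frame
SAMPLE_TLS_SERVER_HELLO = bytes.fromhex("160303007a0200007603")  # start of a TLS handshake record


def tls_header(data):
    """Read bytes the way a TLS client does: type(1) | version(2) | length(2)."""
    ctype, version, length = struct.unpack("!BHH", data[:5])
    return ctype, version, length


def classify(data):
    """Classify the first bytes received from a server port."""
    if len(data) < 5:
        return "too-short"
    ctype, version, _ = tls_header(data)
    if ctype in TLS_CONTENT_TYPES and version >> 8 == 3:
        return "tls"
    if data.startswith(b"HTTP/"):
        return "cleartext-http1"
    if len(data) >= 9:
        # HTTP/2 frame header: length(3) | type(1) | flags(1) | stream id(4)
        length = int.from_bytes(data[:3], "big")
        ftype = data[3]
        stream = int.from_bytes(data[5:9], "big") & 0x7FFFFFFF
        # The server preface is a SETTINGS frame (type 4) on stream 0.
        if ftype == 4 and stream == 0 and length % 6 == 0:
            return "cleartext-http2"
    return "unknown"


def peek(host, port, timeout=2.0):
    """Connect without sending anything and classify what the server says first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return classify(s.recv(64))
        except socket.timeout:
            # A TLS listener normally stays silent until it gets a ClientHello.
            return "silent"
```

Run `peek` against the exact host string and port the client dials. `cleartext-http2` means that endpoint is not serving TLS, while `silent` is consistent with a TLS listener waiting for a ClientHello; `tls_header(SAMPLE_H2_SETTINGS)` shows the version field a TLS client would read from the SETTINGS frame, `0x0000` rather than `0x03xx`.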
