Hi all, 

I am attempting to create a secure connection between a gRPC client and 
server with the C# wrapper. By secure I mean that I want the safety 
properties that would avoid any kind of MITM attack, but I don’t need the 
authentication part (which will be done by higher application levels); the 
encryption is enough for my requirements.

Reading gRPC's C# code comments, it seems that on the server side I can use 
"SslClientCertificateRequestType.RequestButDontVerify". I considered 
"SslClientCertificateRequestType.DontRequest", but I get the impression that 
this would not encrypt communications, even if I provide a key pair on the 
client side. 

As far as I can see, the client side would use a self-signed certificate 
(meaning it generates the certificate and the key pair, and the certificate 
will be signed with the key pair).

I can’t figure out the correct way to set this up. As far as I can see, 
after generating the key pair and the certificate, it should be something like 
this:

Client side - generate key pair and certificate:
var keyCertPair = new KeyCertificatePair(File.ReadAllText("cert.pem"), File.ReadAllText("key.pem"));
var channelCredentials = new SslCredentials(File.ReadAllText("cert.pem"), keyCertPair);
var channel = new Channel("127.0.0.1:5000", channelCredentials);

* Notice that I’m not sure what to use for the root certificate, so I reuse 
the same.

Server side - generate a different key pair and certificate:
var keyCertPair = new KeyCertificatePair(File.ReadAllText("cert.pem"), File.ReadAllText("key.pem"));
ServerCredentials credentials = new SslServerCredentials(
    new List<KeyCertificatePair> { keyCertPair }, null,
    SslClientCertificateRequestType.RequestButDontVerify);


This will log the following server side: *No match found for server name: 
127.0.0.1*

I'm out of ideas at this point, apart from just trying stuff to make it 
work. I’m just trying to encrypt the communication, not verify the identity 
of the peer. I'm using openssl on mac to generate the key pairs and 
certificates.

Thanks a lot. 
Sam


PS: If an admin could clean up my failed attempt at editing my original 
post, that would be great:
https://groups.google.com/forum/#!topic/grpc-io/vtut-JjzGxQ
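
An added example, not part of the original post and not gRPC's own code: one way to set up server-authenticated TLS with Grpc.Core, where the server requests no client certificate and the client uses the server's self-signed certificate as its trust root. The file names server-cert.pem and server-key.pem and the certificate name grpc-test.local are assumptions made for this sketch.

```csharp
// Added example (not from the original post). Assumes the Grpc.Core package and
// two files created beforehand: server-cert.pem, a self-signed certificate whose
// subject name is "grpc-test.local" (a constructed name), and server-key.pem.
using System;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;
using Grpc.Core;

class TlsServerAuthOnly
{
    const string CertName = "grpc-test.local"; // assumed name inside server-cert.pem

    static Server StartServer(string certPem, string keyPem)
    {
        var pair = new KeyCertificatePair(certPem, keyPem);
        // No client certificate is requested; the TLS session is still encrypted.
        var creds = new SslServerCredentials(new List<KeyCertificatePair> { pair });
        var server = new Server { Ports = { new ServerPort("127.0.0.1", 5000, creds) } };
        server.Start();
        return server;
    }

    static Channel OpenChannel(string serverCertPem)
    {
        // The client's trust root is the server's certificate; the client has no key pair.
        var creds = new SslCredentials(serverCertPem);
        // Dialing by IP address: run the name check against the name in the certificate.
        var options = new[] { new ChannelOption(ChannelOptions.SslTargetNameOverride, CertName) };
        return new Channel("127.0.0.1:5000", creds, options);
    }

    static async Task Main()
    {
        var certPem = File.ReadAllText("server-cert.pem");
        var server = StartServer(certPem, File.ReadAllText("server-key.pem"));
        var channel = OpenChannel(certPem);
        try
        {
            // Fails (task cancelled at the deadline) if the handshake is rejected.
            await channel.ConnectAsync(DateTime.UtcNow.AddSeconds(5));
            Console.WriteLine("TLS channel state: " + channel.State);
        }
        finally
        {
            await channel.ShutdownAsync();
            await server.ShutdownAsync();
        }
    }
}
```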
