Hi, I'm using the gRPC C++ client library (v1.28.1) to talk to a Go HTTP/2 server. I saw "connection reset by pear" on the client a bunch, and no logs on the server (with GODEBUG=http2debug=2 and the maximum Go gRPC log levels - Info and verbosity 99). So I did the following test: - On a pod in the Kubernetes cluster, run `socat TCP-LISTEN:8080 -` - Set the gRPC server IP on the client to <pod IP>:8080
To my surprise, not only did I see incoming connections, but even plaintext contents (HTTP headers, method names, etc.). This seems like a severe bug to me - regardless of whether I'm doing something wrong setting up the channel, under no circumstances should a client send any data over a non-TLS connection when TLS is requested. I can try to create a minimal example tomorrow, but the relevant setup logs are here: https://gist.github.com/misberner/8344ae1def9bf2e9619438bb4a6fd44d As you can see, the credentials get loaded OK and a secure channel is created. Also, egrep -i [ui]nsecure on the client logs comes back empty. I am using static gRPC libraries, which have been built with: git submodule update --init mkdir -p cmake/build cd cmake/build cmake \ -DgRPC_CARES_PROVIDER=package \ -DgRPC_PROTOBUF_PROVIDER=package \ -DgRPC_SSL_PROVIDER=package \ -DCMAKE_BUILD_TYPE=Release \ -DgRPC_INSTALL=ON \ -DCMAKE_INSTALL_PREFIX=/usr/local \ ../.. make make install I'm using libssl-dev installed via apt-get in a debian:stable Docker image and linking with -lssl -lcrypto. Any help would be much appreciated! -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/f504fc14-6756-419d-8d3b-7afdc168717a%40googlegroups.com.
