I'm using a GAPIC gRPC API client, for the logging service. There's a few
things going on that I need help with.
*1. GRPC_PROXY, HTTP_PROXY, HTTPS_PROXY *sometimes* have no effect*
D0422 12:02:24.006260963 1099086 ev_posix.cc:173] Using polling
engine: epollex
D0422 12:02:24.006536029 1099086 lb_policy_registry.cc:42] registering LB
policy factory for "grpclb"
D0422 12:02:24.006562897 1099086 lb_policy_registry.cc:42] registering LB
policy factory for "priority_experimental"
D0422 12:02:24.006583317 1099086 lb_policy_registry.cc:42] registering LB
policy factory for "weighted_target_experimental"
D0422 12:02:24.006597151 1099086 lb_policy_registry.cc:42] registering LB
policy factory for "pick_first"
D0422 12:02:24.006609777 1099086 lb_policy_registry.cc:42] registering LB
policy factory for "round_robin"
D0422 12:02:24.006643720 1099086 dns_resolver_ares.cc:491] Using ares dns
resolver
D0422 12:02:24.006934719 1099086 certificate_provider_registry.cc:33]
registering certificate provider factory for "file_watcher"
D0422 12:02:24.006964159 1099086 lb_policy_registry.cc:42] registering LB
policy factory for "cds_experimental"
D0422 12:02:24.006981291 1099086 lb_policy_registry.cc:42] registering LB
policy factory for "xds_cluster_impl_experimental"
D0422 12:02:24.006996788 1099086 lb_policy_registry.cc:42] registering LB
policy factory for "xds_cluster_resolver_experimental"
D0422 12:02:24.007011089 1099086 lb_policy_registry.cc:42] registering LB
policy factory for "xds_cluster_manager_experimental"
I0422 12:02:24.134118093 1099086 subchannel.cc:1064] New connected
subchannel at 0x48f7dda11a0 for subchannel 0x48f7db2d6a0
As seen in the logs, there isn't a log about connecting via a proxy.
Sometimes it does respect the environment variable and connect using a
proxy, but it fails due to CERTIFICATE_VERIFIED_FAILED.
2. *Connecting via proxy results in CERTIFICATE_VERIFY_FAILED*
D0422 12:05:45.402423598 1101637 ev_posix.cc:173] Using polling
engine: epollex
D0422 12:05:45.402655234 1101637 lb_policy_registry.cc:42] registering LB
policy factory for "grpclb"
D0422 12:05:45.402673052 1101637 lb_policy_registry.cc:42] registering LB
policy factory for "priority_experimental"
D0422 12:05:45.402686862 1101637 lb_policy_registry.cc:42] registering LB
policy factory for "weighted_target_experimental"
D0422 12:05:45.402693772 1101637 lb_policy_registry.cc:42] registering LB
policy factory for "pick_first"
D0422 12:05:45.402737068 1101637 lb_policy_registry.cc:42] registering LB
policy factory for "round_robin"
D0422 12:05:45.402763965 1101637 dns_resolver_ares.cc:491] Using ares dns
resolver
D0422 12:05:45.402937809 1101637 certificate_provider_registry.cc:33]
registering certificate provider factory for "file_watcher"
D0422 12:05:45.402948770 1101637 lb_policy_registry.cc:42] registering LB
policy factory for "cds_experimental"
D0422 12:05:45.402956388 1101637 lb_policy_registry.cc:42] registering LB
policy factory for "xds_cluster_impl_experimental"
D0422 12:05:45.402963451 1101637 lb_policy_registry.cc:42] registering LB
policy factory for "xds_cluster_resolver_experimental"
D0422 12:05:45.402970592 1101637 lb_policy_registry.cc:42] registering LB
policy factory for "xds_cluster_manager_experimental"
D0422 12:05:45.403243571 1101637 http_proxy.cc:96] userinfo found
in proxy URI
D0422 12:05:45.411287513 1101637 http_proxy.cc:96] userinfo found
in proxy URI
D0422 12:05:45.413808815 1101637 http_proxy.cc:96] userinfo found
in proxy URI
I0422 12:05:45.431104234 1101637 http_connect_handshaker.cc:330] Connecting
to server logging.googleapis.com:443 via HTTP proxy ipv6:[::1]:8080
E0422 12:05:45.497715188 1101637 ssl_transport_security.cc:1468] Handshake
failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL
routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
D0422 12:05:45.497818796 1101637 security_handshaker.cc:183] Security
handshake failed:
{"created":"@1619107545.497752249","description":"Handshake
failed","file":"third_party/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":335,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
I0422 12:05:45.498230117 1101637 subchannel.cc:1012] Connect
failed: {"created":"@1619107545.497752249","description":"Handshake
failed","file":"third_party/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":335,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
I0422 12:05:45.498816368 1101637 http_connect_handshaker.cc:330] Connecting
to server logging.googleapis.com:443 via HTTP proxy ipv4:127.0.0.1:8080
E0422 12:05:45.576198782 1101637 ssl_transport_security.cc:1468] Handshake
failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL
routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
D0422 12:05:45.576289374 1101637 security_handshaker.cc:183] Security
handshake failed:
{"created":"@1619107545.576234692","description":"Handshake
failed","file":"third_party/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":335,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
I0422 12:05:45.576792020 1101637 subchannel.cc:1012] Connect
failed: {"created":"@1619107545.576234692","description":"Handshake
failed","file":"third_party/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":335,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
I0422 12:05:45.576854534 1101637 subchannel.cc:957] Subchannel
0x45063fccfd60: Retry in 838 milliseconds
I0422 12:05:46.414349969 1101941 subchannel.cc:980] Failed to
connect to channel, retrying
I am setting a certificate using the following:
channel = transport_class.create_channel(
address=address,
credentials=credentials,
ssl_credentials=grpc.ssl_channel_credentials(
root_certificates=ca_certs_content),
options=MakeChannelOptions())
>>> import grpc
>>> grpc.__version__
'1.38.0.dev0'
--
You received this message because you are subscribed to the Google Groups
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/grpc-io/f28b498b-d8c0-4fc8-a6d9-eda1b3290a7an%40googlegroups.com.
