Note that you are using `GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE`. In that
mode, the server does not request (nor require) client certificates.
If you want the server to require client certificates, you could use
`GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY` instead of
`GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE`.
Also, note that in your client code, you would need to set the private key
or the cert chain.
On Tuesday, February 15, 2022 at 7:56:56 PM UTC-8 吴烨烽 wrote:
> Here are two questions
>
> Q1. Why can the client communicate with the server?
>
> step1: the server configures SslServerCredentials (including server
> certificate and private key) to listen to the port.
> step2: The client configures InsecureChannelCredentials to create the
> channel.
>
> Q2. The client can communicate with the server, but it is not TLS in the
> Wireshark packet capture.
>
> step1: the server configures SslServerCredentials (including server
> certificate and private key) to listen to the port.
> step2: Client configures SslCredentials (including CA certificates) to
> create a channel.
>
> Server code:
> std::string server_address ( "0.0.0.0:30051" );
> std::string key;
> std::string cert;
> read ( "E:\\DataCert\\server1.pem", cert );
> read ( "E:\\DataCert\\server1.key", key );
> grpc::SslServerCredentialsOptions::PemKeyCertPair keycert = { key, cert };
> grpc::SslServerCredentialsOptions sslOps(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE);
> sslOps.pem_key_cert_pairs.push_back(keycert);
> std::shared_ptr<grpc::ServerCredentials> creds = grpc::SslServerCredentials(sslOps);
> ServerBuilder builder;
> builder.AddListeningPort(server_address, creds);
> GreeterServiceImpl service;
> builder.RegisterService(&service);
> std::unique_ptr < Server > server ( builder.BuildAndStart () );
> std::cout << "Server listening on " << server_address << std::endl;
> server->Wait ();
>
> Client code:
> std::string cert;
> std::string key;
> std::string root;
> read("E:\\DataCert\\ca.pem", root);
> grpc::SslCredentialsOptions opts;
> opts.pem_root_certs = root;
> grpc::ChannelArguments cargs;
> cargs.SetSslTargetNameOverride("foo.test.google.fr");
> std::string server{ "192.168.20.182:30051" };
> std::unique_ptr<Greeter::Stub> stub_ =
>     Greeter::NewStub(grpc::CreateCustomChannel(server, grpc::SslCredentials(opts), cargs));
> //std::unique_ptr<Greeter::Stub> stub_ =
> //    Greeter::NewStub(grpc::CreateChannel(server, grpc::InsecureChannelCredentials()));
> std::string user ( "world" );
> HelloRequest request;
> request.set_name(user);
> HelloReply reply;
> ClientContext context;
> Status status = stub_->SayHello(&context, request, &reply);
>
To view this discussion on the web visit
https://groups.google.com/d/msgid/grpc-io/cd744844-098f-4147-b7f1-7aba296ccf15n%40googlegroups.com.
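
A way to settle the "is it TLS on the wire" question from Q2 without relying on a dissector, as an added example that is not part of the thread or of gRPC: classify the first client-to-server payload bytes of the TCP stream as a TLS ClientHello record or as the cleartext HTTP/2 preface that an insecure gRPC channel sends. The function names and the sample bytes are constructed for illustration; the input is assumed to be the raw payload exported from the capture.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

enum class WireKind { kTlsClientHello, kHttp2Cleartext, kTooShort, kUnknown };

// HTTP/2 client connection preface: first bytes sent by a cleartext gRPC client.
static const std::string kH2Preface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n";

// Classify the first client-to-server payload bytes of one TCP stream.
WireKind ClassifyClientFirstBytes(const std::string& b) {
  if (b.size() >= kH2Preface.size()) {
    if (b.compare(0, kH2Preface.size(), kH2Preface) == 0) return WireKind::kHttp2Cleartext;
  } else if (kH2Preface.compare(0, b.size(), b) == 0) {
    return WireKind::kTooShort;  // still a prefix of the preface: need more bytes
  }
  if (b.size() < 6) return WireKind::kTooShort;
  auto u = [&b](std::size_t i) { return static_cast<std::uint8_t>(b[i]); };
  // TLS record header: content type (1), legacy version (2), length (2).
  const bool handshake = u(0) == 0x16;
  const bool version_ok = u(1) == 0x03 && u(2) <= 0x03;
  const std::size_t len = (static_cast<std::size_t>(u(3)) << 8) | u(4);
  const bool len_ok = len >= 4 && len <= 16384;  // room for handshake header, max record size
  const bool client_hello = u(5) == 0x01;        // first handshake message type
  return (handshake && version_ok && len_ok && client_hello) ? WireKind::kTlsClientHello
                                                             : WireKind::kUnknown;
}

// Constructed sample: start of a TLS record carrying a ClientHello (truncated).
std::string SampleTlsStart() { return std::string("\x16\x03\x01\x02\x00\x01\x00\x01\xfc", 9); }

// Constructed sample: preface followed by an empty SETTINGS frame header.
std::string SampleCleartextStart() {
  return kH2Preface + std::string("\x00\x00\x00\x04\x00\x00\x00\x00\x00", 9);
}

const char* Name(WireKind k) {
  switch (k) {
    case WireKind::kTlsClientHello: return "TLS ClientHello";
    case WireKind::kHttp2Cleartext: return "cleartext HTTP/2 (no TLS)";
    case WireKind::kTooShort: return "too short to tell";
    default: return "unknown";
  }
}

int main() {
  std::cout << "sample 1: " << Name(ClassifyClientFirstBytes(SampleTlsStart())) << "\n";
  std::cout << "sample 2: " << Name(ClassifyClientFirstBytes(SampleCleartextStart())) << "\n";
}
```

A stream that classifies as cleartext HTTP/2 means the client channel was built without TLS credentials, whatever the server side was configured with.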