Hey folks,
I’ve implemented a gRPC server and a local loopback client on an embedded
camera device and I’m using mutual TLS to verify the server and the
clients. The camera is an embedded linux system and what I’m noticing is
that when the camera boots up for the like the first 30 - 40 seconds client
connection attempts fail with an SSL certificate verification failure.
After the 30 seconds though, the connections go through and the
certificates are verified.
I’m not sure what would cause this. Is there some external dependency that
gRPC relies on to perform the SSL verification ? Any advice on this would
be much appreciated.
When it fails:
[2020-09-12 12:16:56.605] [info] Running on localhost:50051
[2020-09-12 12:16:56.605] [info] Creating Channel
D0912 12:16:56.607212093 555 ev_posix.cc:173] Using polling
engine: epollex
D0912 12:16:56.607897342 555 lb_policy_registry.cc:42] registering LB
policy factory for "grpclb"
D0912 12:16:56.607963734 555 lb_policy_registry.cc:42] registering LB
policy factory for "priority_experimental"
D0912 12:16:56.608011712 555 lb_policy_registry.cc:42] registering LB
policy factory for "weighted_target_experimental"
D0912 12:16:56.608044369 555 lb_policy_registry.cc:42] registering LB
policy factory for "pick_first"
D0912 12:16:56.608075099 555 lb_policy_registry.cc:42] registering LB
policy factory for "round_robin"
D0912 12:16:56.608113215 555 dns_resolver_ares.cc:507] Using ares dns
resolver
D0912 12:16:56.608229871 555 lb_policy_registry.cc:42] registering LB
policy factory for "cds_experimental"
D0912 12:16:56.608266548 555 lb_policy_registry.cc:42] registering LB
policy factory for "eds_experimental"
D0912 12:16:56.608299712 555 lb_policy_registry.cc:42] registering LB
policy factory for "eds_drop_experimental"
D0912 12:16:56.608331670 555 lb_policy_registry.cc:42] registering LB
policy factory for "xds_cluster_manager_experimental"
[2020-09-12 12:16:56.609] [info] Channel Created
[2020-09-12 12:16:56.610] [info] Starting
I0912 12:16:56.617467882 555 socket_utils_common_posix.cc:418] Disabling
AF_INET6 sockets because socket() failed.
E0912 12:16:56.738191099 555 ssl_transport_security.cc:1439] Handshake
failed with fatal error SSL_ERROR_SSL: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed.
D0912 12:16:56.738419289 555 security_handshaker.cc:184] Security handshake
failed: {"created":"@1599913016.738306675","description":"Handshake
failed","file":"src/core/lib/security/transport/security_handshaker.cc","file_line":307,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
I0912 12:16:56.739049003 555 subchannel.cc:1073] Connect failed:
{"created":"@1599913016.738306675","description":"Handshake
failed","file":"src/core/lib/security/transport/security_handshaker.cc","file_line":307,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
I0912 12:16:56.739323924 555 subchannel.cc:1012] Subchannel
0x382163a0: Retry in 873 milliseconds
[2020-09-12 12:16:56.739] [error] 14: failed to connect to all addresses
[2020-09-12 12:16:56.740] [info] Greeter received: RPC failed
D0912 12:16:56.740704517 555 init.cc:226] grpc_shutdown
starts clean-up now
~ #
When it works
[2022-10-21 20:34:08.407] [info] Running on localhost:50051
[2022-10-21 20:34:08.408] [info] Creating Channel
D1021 20:34:08.410045947 843 ev_posix.cc:173] Using polling
engine: epollex
D1021 20:34:08.410743119 843 lb_policy_registry.cc:42] registering LB
policy factory for "grpclb"
D1021 20:34:08.410822104 843 lb_policy_registry.cc:42] registering LB
policy factory for "priority_experimental"
D1021 20:34:08.410857152 843 lb_policy_registry.cc:42] registering LB
policy factory for "weighted_target_experimental"
D1021 20:34:08.410888454 843 lb_policy_registry.cc:42] registering LB
policy factory for "pick_first"
D1021 20:34:08.410918825 843 lb_policy_registry.cc:42] registering LB
policy factory for "round_robin"
D1021 20:34:08.410956963 843 dns_resolver_ares.cc:507] Using ares dns
resolver
D1021 20:34:08.411071525 843 lb_policy_registry.cc:42] registering LB
policy factory for "cds_experimental"
D1021 20:34:08.411108055 843 lb_policy_registry.cc:42] registering LB
policy factory for "eds_experimental"
D1021 20:34:08.411140902 843 lb_policy_registry.cc:42] registering LB
policy factory for "eds_drop_experimental"
D1021 20:34:08.411172225 843 lb_policy_registry.cc:42] registering LB
policy factory for "xds_cluster_manager_experimental"
[2022-10-21 20:34:08.412] [info] Channel Created
[2022-10-21 20:34:08.413] [info] Starting
I1021 20:34:08.419860938 843 socket_utils_common_posix.cc:418] Disabling
AF_INET6 sockets because socket() failed.
I1021 20:34:08.675655280 843 subchannel.cc:1126] New connected
subchannel at 0x404649d0 for subchannel 0x403f53a0
[2022-10-21 20:34:08.678] [info] Greeter received: Helloworld
D1021 20:34:08.680301365 843 init.cc:226] grpc_shutdown
starts clean-up now
Thanks
Kartik
--
You received this message because you are subscribed to the Google Groups
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to grpc-io+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/grpc-io/d47f33fe-9c74-4b42-b744-f7eb46911f03n%40googlegroups.com.
