[grpc-io] Re: grpc java mutual auth BAD certificate

2018-03-03 Thread 'Carl Mastrangelo' via grpc.io
One other thing you can try is using Jetty ALPN (See the SECURITY.md file in the grpc-java repo). That would tell you if it is Netty's integration with OpenSSL that is broken. On Saturday, March 3, 2018 at 10:16:08 AM UTC-8, cr2...@gmail.com wrote: > > I think we made some progress. We've got

[grpc-io] Re: grpc java mutual auth BAD certificate

2018-03-03 Thread cr22rc
I think we made some progress. We've got a case where it worked. There were several issues at play making it difficult to nail down and leading to false theories. It's a bit preliminary but one issue with a particular JDK not *seeming* to work at all, we think. The other is the client

[grpc-io] Re: grpc java mutual auth BAD certificate

2018-03-02 Thread 'Carl Mastrangelo' via grpc.io
You don't happen to have the server requesting a client side cert do you? Otherwise, I don't have much else to guess. Personally I would fire up gdb and step through the authentication, but that may be a lot of effort. On Friday, March 2, 2018 at 6:43:16 AM UTC-8, cr2...@gmail.com wrote: > >

[grpc-io] Re: grpc java mutual auth BAD certificate

2018-03-02 Thread cr22rc
Hi I see the certificate in the builder. Have not found a reference to private key .. should I? Some guidance where to look ? >>> https://pasteboard.co/Ha2YMA2.jpg On Wednesday, February 28, 2018 at 5:47:41 PM UTC-5, cr2...@gmail.com wrote: > > Hi > Seeing this error though it seems all the

[grpc-io] Re: grpc java mutual auth BAD certificate

2018-03-01 Thread cr22rc
It's possible to give multiple client certificates. Is there some *selection* criteria when connecting to a specific server that determines which *if any* client certs are acceptable ? Will it simply try all ? (not done much with mutual auth :) On Wednesday, February 28, 2018 at 5:47:41 PM

[grpc-io] Re: grpc java mutual auth BAD certificate

2018-03-01 Thread cr22rc
This has been reproduced on Fedora 27 with IBM Jdk / Ubuntu OpenJdk and Mac not sure of what JDK. On Wednesday, February 28, 2018 at 5:47:41 PM UTC-5, cr2...@gmail.com wrote: > > Hi > Seeing this error though it seems all the certificates do check out ok. > > grpc java version 1.10.0 > >

[grpc-io] Re: grpc java mutual auth BAD certificate

2018-03-01 Thread cr22rc
I captured our generated cert and the private key in files .. tlsCertPem tlsKeyPem Then did a `openssl s_client -connect localhost:7050 -cert tlsCertPem -key tlsKeyPem -debug` I got what was a telnet like session .. typed a few lines hit enter : and .. ``` orderer.example.com |

[grpc-io] Re: grpc java mutual auth BAD certificate

2018-03-01 Thread 'Carl Mastrangelo' via grpc.io
Yes, basically. If you can use the openssl tool (like s_client) to use the certs, then we would know this is a problem on the java side. On Thursday, March 1, 2018 at 12:58:11 PM UTC-8, cr2...@gmail.com wrote: > > Does this just wrapper the local native openssl implementation ? > > On

[grpc-io] Re: grpc java mutual auth BAD certificate

2018-03-01 Thread cr22rc
Does this just wrapper the local native openssl implementation ? On Thursday, March 1, 2018 at 2:16:14 PM UTC-5, Carl Mastrangelo wrote: > > Can you try with some of the default certs provided? We use > https://github.com/grpc/grpc-java/tree/master/testing/src/main/resources/certs > > for

[grpc-io] Re: grpc java mutual auth BAD certificate

2018-03-01 Thread cr22rc
Not tried that yet but I removed the keyManager setting and got the very same error. So I'm really now thinking it's nothing actually wrong with the client keys/certs being set there. On Thursday, March 1, 2018 at 2:16:14 PM UTC-5, Carl Mastrangelo wrote: > > Can you try with some of the

[grpc-io] Re: grpc java mutual auth BAD certificate

2018-03-01 Thread 'Carl Mastrangelo' via grpc.io
Can you try with some of the default certs provided? We use https://github.com/grpc/grpc-java/tree/master/testing/src/main/resources/certs for our tests. On Wednesday, February 28, 2018 at 2:47:41 PM UTC-8, cr2...@gmail.com wrote: > > Hi > Seeing this error though it seems all the