支持 TLS 的 grpc 中的错误
[英]Error in grpc with TLS support
问题描述
I am trying to run the secure helloworld program to check the support of TLS in the GRPC code.
我正在尝试运行安全的 helloworld 程序来检查 GRPC 代码中对 TLS 的支持。 I get this error我收到这个错误
E1228 23:15:44.054232298 10843 ssl_transport_security.cc:621] Invalid cert chain file.
E1228 23:15:44.054286682 10843 security_connector.cc:1108] Handshaker factory creation failed with TSI_INVALID_ARGUMENT.
E1228 23:15:44.054304555 10843 server_secure_chttp2.cc:83] {"created":"@1514520944.054294700","description":"Unable to create secure server with credentials of type Ssl.","file":"src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc","file_line":62,"security_status":1}
Server listening on localhost:50051
Segmentation fault (core dumped)
Following is my server code.以下是我的服务器代码。
std::string server_address ( "localhost:50051" );
std::string key;
std::string cert;
std::string root;
read ( "server.crt", cert );
read ( "server.key", key );
read ( "ca.crt", root );
ServerBuilder builder;
grpc::SslServerCredentialsOptions::PemKeyCertPair keycert =
{
key,
cert
};
grpc::SslServerCredentialsOptions sslOps;
sslOps.pem_root_certs = root;
sslOps.pem_key_cert_pairs.push_back ( keycert );
builder.AddListeningPort(server_address, grpc::SslServerCredentials( sslOps ));
GreeterServiceImpl service;
builder.RegisterService(&service);
std::unique_ptr < Server > server ( builder.BuildAndStart () );
std::cout << "Server listening on " << server_address << std::endl;
server->Wait ();
I am just trying to run the server.我只是想运行服务器。 CLient isnt even in the picture yet.客户端甚至还没有出现在图片中。 Here is the script i used to generate the keys.这是我用来生成密钥的脚本。
# Generate valid CA
openssl genrsa -passout pass:1234 -des3 -out ca.key 4096
openssl req -passin pass:1234 -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=CA/ST=Ontario/L=Ontario/O=Test/OU=Test/CN=Root CA"
# Generate valid Server Key/Cert
openssl genrsa -passout pass:1234 -des3 -out server.key 4096
openssl req -passin pass:1234 -new -key server.key -out server.csr -subj "/C=CA/ST=Ontario/L=Ontario/O=Test/OU=Server/CN=localhost"
openssl x509 -req -passin pass:1234 -days 365 -in server.csr -CA ca.crt -
CAkey ca.key -set_serial 01 -out server.crt
# Remove passphrase from the Server Key
openssl rsa -passin pass:1234 -in server.key -out server.key
# Generate valid Client Key/Cert
openssl genrsa -passout pass:1234 -des3 -out client.key 4096
openssl req -passin pass:1234 -new -key client.key -out client.csr -subj "/C=CA/ST=Ontario/L=Ontario/O=Test/OU=Client/CN=localhost"
openssl x509 -passin pass:1234 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
# Remove passphrase from Client Key
openssl rsa -passin pass:1234 -in client.key -out client.key
Any help would be deeply appreciated.任何帮助将不胜感激。 Thanks谢谢
1 个解决方案
解决方案1
1 2018-01-13 03:12:29
The error looks like there was something wrong with loading server x509 certificate.该错误看起来像是加载服务器 x509 证书有问题。 Did you put your server key/certificate and CA certificate in the same directory of your server binary?您是否将服务器密钥/证书和 CA 证书放在服务器二进制文件的同一目录中?
I use your script to generate keys and certificates.我使用您的脚本生成密钥和证书。 I use the greeter client/server code from https://github.com/grpc/grpc/issues/9593 Everything works fine.我使用https://github.com/grpc/grpc/issues/9593 中的欢迎程序客户端/服务器代码一切正常。 I could not duplicate your error.我无法复制您的错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.