堆栈内存溢出
  简体   繁体   English

如何禁用客户端 GRPC 服务器证书主机名验证?

[英]How to disable client-side GRPC server cert hostname validation?

 原文  2021-07-08 16:04:45       c++/ ssl/ grpc

问题描述

Currently I'm setting up the channel authentication for my gRPC client as follows:目前我正在为我的 gRPC 客户端设置通道身份验证,如下所示:

std::shared_ptr<grpc::ChannelCredentials> channel_creds;
auto metadata = grpc::ChannelArguments();

// ...
grpc::SslCredentialsOptions sslOpts{};
sslOpts.pem_root_certs = // PEM with the Root CA cert's public key
sslOpts.pem_cert_chain = // PEM for client cert's public key
sslOpts.pem_private_key = // PEM for client cert's private key

channel_creds = grpc::SslCredentials(sslOpts);
metadata.SetSslTargetNameOverride(mbServerCertSubjectName.second.get());

// ...
grpc::CreateCustomChannel(addr_str, channel_creds, metadata);

This is almost perfect, but I'd like to disable the certificate name validation: I'd just like to accept anything as long as it chains to the pem_root_certs that I provide.这几乎是完美的,但我想禁用证书名称验证:我只想接受任何东西,只要它链接到我提供的pem_root_certs

This seems achievable if I could create a TlsChannelCredentialsOptions struct with its grpc_tls_server_verification_option field set to GRPC_TLS_SKIP_HOSTNAME_VERIFICATION, but the interface for TlsCredentialsOptions is totally different from SslCredentialsOptions and I don't know how to set it up to authenticate based on the PEM files that I'm providing to sslOpts here.如果我可以创建一个TlsChannelCredentialsOptions结构并将其grpc_tls_server_verification_option字段设置为 GRPC_TLS_SKIP_HOSTNAME_VERIFICATION,这似乎是可以实现的,但是 TlsCredentialsOptions 的接口与SslCredentialsOptions完全不同,我不知道如何设置它以根据我的 PEM 文件进行身份验证在此处提供给 sslOpts。

How can I translate my desired logic over to TlsChannelCredentialsOptions?如何将我想要的逻辑转换为 TlsChannelCredentialsOptions?

1 个解决方案

解决方案1
 0  2022-01-13 02:19:53

try this one:试试这个:

grpc::ChannelArguments gargs;
gargs.SetSslTargetNameOverride("domian name you want to ignore");

client client(grpc::CreateCustomChannel("ipverson:xxx.xxx.xxx.xxx:port", ssl_creds, gargs));

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Grpc客户端C ++通道析构函数耗时10秒 - Grpc Client-side C++ Channel Destructor taking 10 seconds 如何在 gRPC 中做服务端背压? - How to do server-side backpressure in gRPC? 需要在HTML + JavaScript的客户端和Java / C ++的服务器端程序之间进行通信 - Need to communicate between Client-side in HTML+JavaScript and Server-side program in Java/C++ 如何使用 GRPC c++ 读取异步服务器端流 - How to read async server side streaming using GRPC c++ 如何从客户端关闭gRPC服务器(使用RPC功能) - How to shutdown gRPC server from Client (using RPC function) 如何使gRPC服务器仅支持一个客户端连接 - How to enable gRPC server to support just one client connection GRPC/C++ - 如何检测客户端在异步服务器中断开连接 - GRPC/C++ - How to detect client disconnected in Async Server 如何为本机代码库(C / C ++)编写自己的Javascript API(客户端) - How to write my own Javascript API (client-side) for a native code library (C/C++) 如何从客户端访问服务器主机名知道客户端访问服务器FQDN - How to know Client Access Server FQDN from Client Access Server hostname 在grpc服务器端调用时检索SSL证书 - Retrieve SSL certificate on call at grpc server side
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM