How to make C++ client trust all X.509 certificates without any verification (like in Java)
Question
What is the grpc C++ equivalent of Java's InsecureTrustManagerFactory ?
GrpcSslContexts.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build()
an insecure TrustManagerFactory that trusts all X.509 certificates without any verification.
In other words - in Java I create a server (private.key + certificate.pem signed by rootCA) and a client that creates SSL-encrypted channel with the server accepting server's certificate without verification (rootCA.pem is not available for the client). Technically it's not recommended but I use it for testing purposes only. I need to do the same for my C++ version of server-client pair. So far my C++ client needs rootCA.pem either through SslCredentialsOptions:
grpc::SslCredentialsOptions sslChannelOptions;
sslChannelOptions.pem_root_certs = "rootCA.pem";
sslChannelOptions.pem_cert_chain = "";
sslChannelOptions.pem_private_key = "";
return grpc::SslCredentials( sslChannelOptions );
or through
gpr_setenv("GRPC_DEFAULT_SSL_ROOTS_FILE_PATH", "roots.pem")
Otherwise I get:
ssl_transport_security.c:921] Handshake failed with fatal error SSL_ERROR_SSL: error:0400006b:RSA routines:OPENSSL_internal:BLOCK_TYPE_IS_NOT_01.
1 answers
solution1
0 2019-05-30 04:52:23
Unfortunately, gRPC C++ does not support this feature. gRPC C++ only has options to not verify client's certificate but not server's certificate.
Your use case does not seem strong enough for us to support this feature.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.