Ruby's grpc (v1.3.2) gem SSL/TLS connection issue with grpc server built entirely in golang

Recently, I tried to use the rubygem grpc version 1.3.2 as a client and connect to a grpc server built in golang. I went through the documentation at GRPC.IO and used it in my code.

irb(main):017:0> GRPC::Core::Credentials.new(File.read(CA_FILE_PATH))
NameError: uninitialized constant GRPC::Core::Credentials
        from (irb):17
        from /usr/local/share/gems/gems/railties-4.2.1/lib/rails/commands/console.rb:110:in `start'
        from /usr/local/share/gems/gems/railties-4.2.1/lib/rails/commands/console.rb:9:in `start'
        from /usr/local/share/gems/gems/railties-4.2.1/lib/rails/commands/commands_tasks.rb:68:in `console'
        from /usr/local/share/gems/gems/railties-4.2.1/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
        from /usr/local/share/gems/gems/railties-4.2.1/lib/rails/commands.rb:17:in `<top (required)>'
        from bin/rails:4:in `require'
        from bin/rails:4:in `<main>'

But their documentation specifically says,

creds = GRPC::Core::Credentials.new(load_certs)  # load_certs typically loads a CA roots file
stub = Helloworld::Greeter::Stub.new('myservice.example.com', creds)

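Then I came across ChannelCredentials, and that creds should be either a ChannelCredentials object or a symbol (e.g. :this_channel_is_insecure). Hence, I gave it a try as well.

I took the following function from the grpc gem's source code itself. This function is called in the rspec test cases to load the certs: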

def load_certs
  data_dir = "#{Rails.root}/certs"
  files = ['ca.pem', 'server.key', 'server.pem']
  files.map { |f| File.open(File.join(data_dir, f)).read }
end

Then I tried it out,

channel_creds = GRPC::Core::ChannelCredentials.new(load_certs)
stub = Helloworld::Greeter::Stub.new('myservice.example.com', channel_creds)

But the above failed with

E0619 09:59:10.410575570   14208 ssl_transport_security.c:601] Could not load any root certificate.
E0619 09:59:10.410604954   14208 ssl_transport_security.c:1315] Cannot load server root certificates.
E0619 09:59:10.410622519   14208 security_connector.c:837]   Handshaker factory creation failed with TSI_INVALID_ARGUMENT.

I also tried:

channel_creds = GRPC::Core::ChannelCredentials.new(File.read(CA_FILE_PATH))
stub = Helloworld::Greeter::Stub.new('myservice.example.com', creds)

But all I got was an error from the logs or rpc server:

2017/06/16 10:52:34 transport: http2Server.HandleStreams failed to receive the preface from client: EOF
2017/06/16 10:53:35 transport: http2Server.HandleStreams failed to receive the preface from client: EOF
2017/06/16 10:53:59 transport: http2Server.HandleStreams failed to receive the preface from client: EOF
2017/06/16 10:55:06 transport: http2Server.HandleStreams failed to receive the preface from client: EOF

Has anyone successfully tried this Ruby client / Golang server combination with SSL/TLS enabled?

creds should be either a ChannelCredentials object or a symbol

The second argument of the client stub constructor (the creds argument) should be either a GRPC::Core::ChannelCredentials object or the ::this_channel_is_insecure symbol (if the latter is passed, an insecure connection will be used).

I'd note that the test that uses

def load_certs
  data_dir = "#{Rails.root}/certs"
  files = ['ca.pem', 'server.key', 'server.pem']
  files.map { |f| File.open(File.join(data_dir, f)).read }
end

might actually be misleading, since it only makes sense to construct channel credentials with a private key and certificate chain (that specific test I believe doesn't use the key and cert chain).

On the GRPC::Core::ChannelCredentials constructor:

There are three forms that can be used (there's a comment above the constructor code in https://github.com/grpc/grpc/blob/master/src/ruby/ext/grpc/rb_channel_credentials.c#L128 going over them), but the options are:

  • Credentials.new()

  • Credentials.new(pem_root_certs)

  • Credentials.new(pem_root_certs, pem_private_key, pem_cert_chain)

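In all cases, the roots file, private key, and cert chain parameters are pem-encoded strings.

Note that if no arguments are passed (Credentials.new() is used), then the server root certificates will be found as described in this header comment (see the description of the behaviour when the server root certs parameter is null). The last constructor is only needed if you want to use a private key and cert chain.

I can confirm this works.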

channel_creds = GRPC::Core::ChannelCredentials.new(File.read("/home/user/.lnd/tls.cert"))
stub = Lnrpc::Lightning::Stub.new("127.0.0.1:10009", channel_creds)
obj = Lnrpc::GetInfoRequest.new
pp stub.get_info(obj)
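
An added example, not code from the original posts or from the grpc project: a hypothetical helper, checked_root_certs, that validates the value about to be passed as pem_root_certs, so that the array returned by load_certs or a bundle containing a private key is rejected before the handshake instead of surfacing as "Could not load any root certificate". It uses only Ruby's openssl standard library, and the sample certificate is constructed inside the block.

```ruby
require 'openssl'

# Hypothetical helper (not part of the grpc gem): validates the value about to
# be passed as pem_root_certs to GRPC::Core::ChannelCredentials.new.
# Returns the PEM string unchanged, or raises ArgumentError.
def checked_root_certs(pem)
  raise ArgumentError, "expected one PEM string, got #{pem.class}" unless pem.is_a?(String)
  if pem =~ /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/
    raise ArgumentError, 'private key found in root certificate bundle'
  end
  blocks = pem.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
  raise ArgumentError, 'no CERTIFICATE block found' if blocks.empty?
  now = Time.now
  blocks.each do |block|
    begin
      cert = OpenSSL::X509::Certificate.new(block)
    rescue OpenSSL::X509::CertificateError => e
      raise ArgumentError, "malformed certificate: #{e.message}"
    end
    unless (cert.not_before..cert.not_after).cover?(now)
      raise ArgumentError, "#{cert.subject} is outside its validity period"
    end
  end
  pem
end

# Constructed sample input: a throwaway self-signed certificate and its key.
def sample_cert_and_key
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=myservice.example.com')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem]
end

if __FILE__ == $PROGRAM_NAME
  cert_pem, _key_pem = sample_cert_and_key
  creds_arg = checked_root_certs(cert_pem)
  puts "root bundle accepted (#{creds_arg.bytesize} bytes)"
  # With the grpc gem loaded, the one-argument form from the answer takes it:
  #   GRPC::Core::ChannelCredentials.new(creds_arg)
end
```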
