How do I connect to GRPC using TLS?
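I'm trying, without success, to get a basic GRPC server and client working with SSL/TLS, using a Node client and a Java server. Starting without security:

```javascript
// client.js
const grpc = require('@grpc/grpc-js');

// Plaintext channel: no TLS at all
const creds = grpc.credentials.createInsecure()
const stub = new hello_proto.Greeter('localhost:50051', creds)
stub.sayHello(...)
```

```java
// server.java
Server server = ServerBuilder.forPort(50051)
    .addService(serviceImplementation)
    .build();
server.start();
```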
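Everything works as expected here. I then tried adding SSL credentials, generating a certificate and private key like this (following the Python example):

```
$ openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 365 -out server.crt
```

This generates a certificate (`server.crt`) and a private key (`server.key`). I then added these credentials to the client and the server (private key on the server only), following the guidance in the grpc.io Auth Guide and grpc-java respectively: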
```javascript
// client.js
const fs = require('fs');
const grpc = require('@grpc/grpc-js');

// Trust only the server's self-signed certificate
const rootCert = fs.readFileSync("path/to/server.crt");
const channelCreds = grpc.credentials.createSsl(rootCert);
const stub = new hello_proto.Greeter('localhost:50051', channelCreds);
stub.sayHello(...)
```

```java
// server.java
import java.io.File;
import io.grpc.Server;
import io.grpc.ServerBuilder;

File certChainFile = new File("path/to/server.crt");
File privateKeyFile = new File("path/to/server.key");
Server server = ServerBuilder.forPort(50051)
    .useTransportSecurity(certChainFile, privateKeyFile)
    .addService(serviceImplementation)
    .build();
server.start();
```
Now I get the error `UNAVAILABLE: No connection established`:

```
Error: 14 UNAVAILABLE: No connection established
    at Object.callErrorFromStatus (path/to/node_modules/@grpc/grpc-js/build/src/call.js:31:26)
    at Object.onReceiveStatus (path/to/node_modules/@grpc/grpc-js/build/src/client.js:176:52)
    at Object.onReceiveStatus (path/to/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:336:141)
    at Object.onReceiveStatus (path/to/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:299:181)
    at path/to/node_modules/@grpc/grpc-js/build/src/call-stream.js:130:78
    at processTicksAndRejections (node:internal/process/task_queues:76:11) {
  code: 14,
  details: 'No connection established',
  metadata: Metadata { internalRepr: Map(0) {}, options: {} }
}
```
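There are no errors on the server side. The client-side error is, unhelpfully, identical to the one I get when the server is down.

How do I implement basic TLS authentication between a Java server and a Node client?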
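Maybe you can refer to my code in helloworlde/grpc-java-sample; feel free to translate the Chinese.

For both sides, it needs an `SslContext`:

```java
// Server (imports assume the unshaded grpc-netty artifact)
import java.io.File;
import java.net.InetSocketAddress;
import io.grpc.Server;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyServerBuilder;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;

File keyCertChainFile = new File("server.pem");
File keyFile = new File("server.key");
// ClientAuth.OPTIONAL: a client certificate is requested but not required
SslContext sslContext = GrpcSslContexts.forServer(keyCertChainFile, keyFile)
    .clientAuth(ClientAuth.OPTIONAL)
    .build();
Server server = NettyServerBuilder.forAddress(new InetSocketAddress(9090))
    .addService(new HelloServiceImpl())
    .sslContext(sslContext)
    .build();
```

```java
// Client (imports assume the unshaded grpc-netty artifact)
import java.io.File;
import io.grpc.ManagedChannel;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder;
import io.netty.handler.ssl.SslContext;

File trustCertCollectionFile = new File("server.pem");
SslContext sslContext = GrpcSslContexts.forClient()
    .trustManager(trustCertCollectionFile)
    .build();
// Connects by IP, but verifies the certificate against the name "localhost"
ManagedChannel channel = NettyChannelBuilder.forAddress("127.0.0.1", 9090)
    .overrideAuthority("localhost")
    .sslContext(sslContext)
    .build();
```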
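The question notes that the client error is the same as when the server is down, and the answer dials `127.0.0.1` while verifying against `localhost`. The following added example (not from the original posts or the gRPC projects) uses Node's own `tls` module to show how the host name check treats those two targets and to name the low-level cause behind an `UNAVAILABLE`. The certificate objects are constructed, and `explain`, `nameCheck` and `probe` are hypothetical helper names.

```javascript
// Added example; certificate objects below are constructed, not from the post.
const tls = require('tls');

// Low-level error codes that a gRPC client reports only as UNAVAILABLE.
const CAUSES = {
  ECONNREFUSED: 'nothing is listening on that port',
  DEPTH_ZERO_SELF_SIGNED_CERT: 'self-signed server cert is not in the client trust roots',
  UNABLE_TO_VERIFY_LEAF_SIGNATURE: 'server cert does not chain to the supplied roots',
  CERT_HAS_EXPIRED: 'server cert has expired',
  ERR_TLS_CERT_ALTNAME_INVALID: 'cert name does not match the host the client dialed',
};

function explain(err) {
  if (!err) return 'ok';
  return CAUSES[err.code] || `unclassified: ${err.code || err.message}`;
}

// Offline check: would Node accept this certificate for this host?
function nameCheck(host, cert) {
  return explain(tls.checkServerIdentity(host, cert));
}

// Live probe: same trust root and target as the gRPC channel, but over raw
// TLS, so the real handshake error is visible. `servername` plays the role
// that overrideAuthority("localhost") plays in the Java client above.
function probe(host, port, caPem, servername) {
  return new Promise((resolve) => {
    const opts = { host, port, ca: caPem, ALPNProtocols: ['h2'] };
    if (servername) opts.servername = servername;
    const sock = tls.connect(opts, () => {
      resolve({ ok: true, alpn: sock.alpnProtocol });
      sock.end();
    });
    sock.on('error', (err) => resolve({ ok: false, code: err.code, cause: explain(err) }));
  });
}

// Constructed certificates in the shape tls.checkServerIdentity expects.
const cnOnly = { subject: { CN: 'localhost' } };
const withSan = {
  subject: { CN: 'localhost' },
  subjectaltname: 'DNS:localhost, IP Address:127.0.0.1',
};

for (const host of ['localhost', '127.0.0.1']) {
  console.log(host, '| CN only:', nameCheck(host, cnOnly), '| with SAN:', nameCheck(host, withSan));
}
```

Against a running server, `probe('localhost', 50051, fs.readFileSync('path/to/server.crt'))` resolves with either the negotiated ALPN protocol or the classified failure. In grpc-js, the counterpart of `overrideAuthority` is the `grpc.ssl_target_name_override` channel option.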