Jiangtao, if it's the case you must use the override to enable SNI, that's a bug that needs to be fixed. We should be enabling SNI just by the target string (so from the uri, "myserver.tunnel.dev" in the example).
However, even if you do need to use the override, the code linked *does* use the override. GRPC_SSL_TARGET_NAME_OVERRIDE_ARG is grpc.ssl_target_name_override <https://github.com/grpc/grpc/blob/3ee2919623dfcc11ac58e3e2a69c8986a2dd90eb/include/grpc/impl/codegen/grpc_types.h#L260> . On Mon, Oct 1, 2018 at 9:10 PM jiangtao via grpc.io < grpc-io@googlegroups.com> wrote: > In grpc c core and wrapped languages, the only way to set SNI is to > use GRPC_SSL_TARGET_NAME_OVERRIDE_ARG. > See > https://github.com/grpc/grpc/blob/master/test/core/end2end/h2_ssl_cert_test.cc#L176 > for example. > > Not sure about this python error though. > > On Thursday, September 20, 2018 at 5:55:52 PM UTC-7, yangc...@gmail.com > wrote: >> >> How to set the TLS/SNI ( >> https://en.wikipedia.org/wiki/Server_Name_Indication) in the the >> Python/C++ gRPC client API? >> >> In other word, what's the equivalent of setting the `-servername` in >> `openssl s_client`? >> >> >> I have verified my TLS server works by using the correct flags on >> `openssl s_client`: >> ```sh >> openssl s_client -connect "myserver.tunnel.dev:4443" -servername >> "myserver.tunnel.dev" >> ``` >> >> However, I wasn't able to setup the credentials correct with the Python >> /C++ API: >> >> ```python >> uri = "myserver.tunnel.dev:4443" >> hostname = "myserver.tunnel.dev" >> >> creds = grpc.ssl_channel_credentials( >> root_certificates=dev_cert) >> # root_certificates=certificate_chain) >> # certificate_chain=certificate_chain) >> channel = grpc.secure_channel(uri, creds, >> options=(('grpc.ssl_target_name_override', hostname),) >> ) >> >> # This throws >> >> ```python >> grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with >> (StatusCode.UNAVAILABLE, Connect Failed)> >> ``` >> >> ``` >> >> -- > You received this message because you are subscribed to the Google Groups " > grpc.io" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to grpc-io+unsubscr...@googlegroups.com. > To post to this group, send email to grpc-io@googlegroups.com. > Visit this group at https://groups.google.com/group/grpc-io. > To view this discussion on the web visit > https://groups.google.com/d/msgid/grpc-io/b763a855-06b5-4c96-9a8d-2aca2b314802%40googlegroups.com > <https://groups.google.com/d/msgid/grpc-io/b763a855-06b5-4c96-9a8d-2aca2b314802%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CA%2B4M1oPpSiw8Ox0dOa_raCKAfGJxfDWF5fX0_%2B%2BcqHsthtELuw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature
