Hello!

I just finished migrating from gRPC 0.11 to 1.17 and I noticed very weird 
behaviour. gRPC sends requests in plaintext form instead of using a TLS 
connection to the remote side. The old gRPC works as expected and sends requests 
over an encrypted channel. 

I properly linked my tool with all required libraries and OpenSSL:

```
ldd app|grep grpc
libgpr.so.7 => /opt/libraries/grpc/lib/libgpr.so.7 (0x0000007f7f829000)
libgrpc++.so.1 => /opt/libraries/grpc/lib/libgrpc++.so.1 (0x0000007f7f798000)
libgrpc_unsecure.so.7 => /opt/libraries/grpc/lib/libgrpc_unsecure.so.7 (0x0000007f7f681000)
libgrpc.so.7 => /opt/libraris/grpc/lib/libgrpc.so.7 (0x0000007f7f52d000)
libgrpc++_unsecure.so.1 => /opt/libraries/grpc/lib/libgrpc++_unsecure.so.1 (0x0000007f7ce74000)
```

I use both the encrypted and plaintext versions of gRPC for different services. 

And I use the following code to make the query:

```
// Fields are { pem_root_certs, pem_private_key, pem_cert_chain };
// only the CA certificate is set, so there is no client certificate.
grpc::SslCredentialsOptions ssl_opts = { ca_cert, "", "" };
auto channel_creds                   = grpc::SslCredentials(ssl_opts);

Client server_api(grpc::CreateChannel("server.domain.tld:12912", channel_creds));

server_api.GetExternalAddress();
```

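In the Client definition: 
```
class Client {
public:
    // The constructor name has to match the class name (was ApiClient).
    Client(std::shared_ptr<grpc::Channel> channel)
        : stub_(mynamespace::MyService::NewStub(channel)) {
    }

private:
    // Generated stub that NewStub() returns; remaining members are not shown.
    std::unique_ptr<mynamespace::MyService::Stub> stub_;
};
```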

For some absolutely strange reason this query arrives at the server in 
plaintext form and I can see all headers in the Wireshark HTTP/2 dissector.

[image: wireshark.png]


Of course, the server (with an older gRPC version) rejects this query with an SSL 
handshake error:

```
2018-12-22 20:40:45,928 [WARN] gRPC low level log: Handshake failed with fatal error SSL_ERROR_SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number.
2018-12-22 20:40:45,928 [WARN] gRPC low level log: Handshake failed with error TSI_PROTOCOL_FAILURE
2018-12-22 20:40:45,928 [WARN] gRPC low level log: Secure transport failed with error 2
```

I checked and my grpc library was properly linked against OpenSSL:

```
ldd  /opt/libraries/lib/libgrpc.so.7.0.0 
linux-vdso.so.1 (0x0000007f80e1c000)
libssl.so.1.1 => /usr/lib/aarch64-linux-gnu/libssl.so.1.1 (0x0000007f80c21000)
libcrypto.so.1.1 => /usr/lib/aarch64-linux-gnu/libcrypto.so.1.1 (0x0000007f80a23000)
libdl.so.2 => /lib/aarch64-linux-gnu/libdl.so.2 (0x0000007f80a0e000)
librt.so.1 => /lib/aarch64-linux-gnu/librt.so.1 (0x0000007f809f7000)
libm.so.6 => /lib/aarch64-linux-gnu/libm.so.6 (0x0000007f8093d000)
libpthread.so.0 => /lib/aarch64-linux-gnu/libpthread.so.0 (0x0000007f80911000)
libz.so.1 => /lib/aarch64-linux-gnu/libz.so.1 (0x0000007f808e4000)
libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000007f8078b000)
/lib/ld-linux-aarch64.so.1 (0x0000007f80df1000)
```

Has anything changed for the TLS/SSL client? Should I rewrite the code in a different 
way to explicitly enable TLS?

My platform is Ubuntu 18.04 / ARM64.

Thank you!
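
Why cleartext HTTP/2 reaching a TLS listener ends in the "wrong version number" error quoted above, as an added example that is not part of the original post and is not gRPC or OpenSSL code: a TLS record layer reads the first five bytes as type, version and length, so the HTTP/2 preface "PRI ..." yields a major version of 0x52 instead of 3. The names `classify` and `parse_record_header` and both sample byte strings are constructed for this illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

// What the first bytes a client sends on a new TCP connection look like.
enum class FirstFlight { TlsHandshake, Http2Cleartext, Unknown };

// HTTP/2 connection preface (RFC 7540, section 3.5), sent first by a cleartext client.
static const char kH2Preface[] = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n";

// TLS record header: type(1) | version major(1) | version minor(1) | length(2).
struct RecordHeader { uint8_t type, ver_major, ver_minor; uint16_t length; };

// Reads the first 5 bytes the way a TLS record layer would, whatever they really are.
bool parse_record_header(const std::string& buf, RecordHeader* out) {
    if (buf.size() < 5) return false;
    const auto* p = reinterpret_cast<const unsigned char*>(buf.data());
    *out = RecordHeader{p[0], p[1], p[2], static_cast<uint16_t>((p[3] << 8) | p[4])};
    return true;
}

FirstFlight classify(const std::string& buf) {
    const std::size_t n = sizeof(kH2Preface) - 1;  // 24 bytes, without the NUL
    if (buf.size() >= n && std::memcmp(buf.data(), kH2Preface, n) == 0)
        return FirstFlight::Http2Cleartext;
    RecordHeader h;
    // A ClientHello arrives in a handshake record (type 22) with major version 3.
    if (parse_record_header(buf, &h) && h.type == 22 && h.ver_major == 3 &&
        h.length > 0 && h.length <= 16384)
        return FirstFlight::TlsHandshake;
    return FirstFlight::Unknown;
}

// Constructed samples, not bytes from the poster's capture.
std::string sample_cleartext() { return std::string(kH2Preface, sizeof(kH2Preface) - 1); }
std::string sample_tls() { return std::string("\x16\x03\x01\x00\x05hello", 10); }

int main() {
    RecordHeader h;
    parse_record_header(sample_cleartext(), &h);
    // 'P','R','I' are read as type 0x50 and version 0x52.0x49: not a TLS 3.x record.
    std::printf("type=0x%02x version=0x%02x%02x\n", h.type, h.ver_major, h.ver_minor);
    return classify(sample_cleartext()) == FirstFlight::Http2Cleartext ? 0 : 1;
}
```

Feeding it the first payload bytes of the client's TCP stream from a capture shows which side of the connection is not speaking TLS.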
