Hello! I solved my problem by linking my app only with grpc++ and dropping grpc++_unsecure completely.
On Sunday, December 23, 2018 at 12:39:22 AM UTC, [email protected] wrote: > > Hello! > > I just finished migration from gRPC 0.11 to 1.17 and I noticed very weird > behaviour. gRPC sends requests in plaintext form instead of using TLS > connection on remote side. Old gRPC works as expected and sends requests > over encrypted channel. > > I properly linked my tool with all required libraries and OpenSSL: > > ldd app|grep grpc > libgpr.so.7 => /opt/libraries/grpc/lib/libgpr.so.7 (0x0000007f7f829000) > libgrpc++.so.1 => /opt/libraries/grpc/lib/libgrpc++.so.1 > (0x0000007f7f798000) > libgrpc_unsecure.so.7 => /opt/libraries/grpc/lib/libgrpc_unsecure.so.7 > (0x0000007f7f681000) > libgrpc.so.7 => /opt/libraris/grpc/lib/libgrpc.so.7 (0x0000007f7f52d000) > libgrpc++_unsecure.so.1 => /opt/libraries/grpc/lib/libgrpc++_unsecure.so.1 > (0x0000007f7ce74000) > > I use both encrypted and plaintext version of gRPC for different services. > > And I use following code to make query: > > grpc::SslCredentialsOptions ssl_opts = { ca_cert, "", "" }; > auto channel_creds = grpc::SslCredentials(ssl_opts); > > Client server_api(grpc::CreateChannel("server.domain.tld:12912", > channel_creds)); > > server_api.GetExternalAddress(); > > In Client definition: > ``` > class Client { > public: > ApiClient(std::shared_ptr<grpc::Channel> channel) > : stub_(mynamespace::MyService::NewStub(channel)) { > } > ``` > > For some absolutely strange reasons this query arrives to server in > plaintext form and I can see all headers in Wireshark HTTP/2 dissector. > > [image: wireshark.png] > > > Of course, server (with older gRPC version) rejects this query with SSL > handsheke error: > 2018-12-22 20:40:45,928 [WARN] gRPC low level log: Handshake failed with > fatal error SSL_ERROR_SSL: error:1408F10B:SSL > routines:SSL3_GET_RECORD:wrong version number. > 2018-12-22 20:40:45,928 [WARN] gRPC low level log: Handshake failed with > error TSI_PROTOCOL_FAILURE > 2018-12-22 20:40:45,928 [WARN] gRPC low level log: Secure transport failed > with error 2 > > I checked and my grpc library was properly linked agains OpenSSL: > > ldd /opt/libraries/lib/libgrpc.so.7.0.0 > linux-vdso.so.1 (0x0000007f80e1c000) > libssl.so.1.1 => /usr/lib/aarch64-linux-gnu/libssl.so.1.1 > (0x0000007f80c21000) > libcrypto.so.1.1 => /usr/lib/aarch64-linux-gnu/libcrypto.so.1.1 > (0x0000007f80a23000) > libdl.so.2 => /lib/aarch64-linux-gnu/libdl.so.2 (0x0000007f80a0e000) > librt.so.1 => /lib/aarch64-linux-gnu/librt.so.1 (0x0000007f809f7000) > libm.so.6 => /lib/aarch64-linux-gnu/libm.so.6 (0x0000007f8093d000) > libpthread.so.0 => /lib/aarch64-linux-gnu/libpthread.so.0 > (0x0000007f80911000) > libz.so.1 => /lib/aarch64-linux-gnu/libz.so.1 (0x0000007f808e4000) > libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000007f8078b000) > /lib/ld-linux-aarch64.so.1 (0x0000007f80df1000) > > Is anything changed for TLS/SSL client? Should I rewrite code in different > way to explicitly enable TLS? > > My platform it Ubuntu 18.04 / ARM64. > > Thank you! > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/7842b190-2a54-43c0-b8a1-8f0117ae3620%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
