Note that you are using `GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE`. In that mode, the server does not request (nor require) client certificates.
If you want the server to require client certificates, you could use `GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY` instead of `GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE`. Also, note that in your client code, you would need to set the private key or the cert chain. On Tuesday, February 15, 2022 at 7:56:56 PM UTC-8 吴烨烽 wrote: > Here are two questions > > Q1.Why the client can communicate with the server? > > step1: the server configures SslServerCredentials (including server > certificate and private key) to listen to the port. step2: The client > configures InsecureChannelCredentials to create the channel > > Q2.The client can communicate with the server, but it is not TLS through > wireshark packet capture. > > step1: the server configures SslServerCredentials (including server > certificate and private key) to listen to the port. step2: Client > configures SslCredentials (including CA certificates) to create a channel. > > server codes: > std::string server_address ( "0.0.0.0:30051" ); > std::string key; > std::string cert; > read ( "E:\\DataCert\\server1.pem", cert ); > read ( "E:\\DataCert\\server1.key", key ); > grpc::SslServerCredentialsOptions::PemKeyCertPair keycert = { key, cert }; > grpc::SslServerCredentialsOptions > sslOps(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE); > sslOps.pem_key_cert_pairs.push_back(keycert); > std::shared_ptr<grpc::ServerCredentials> creds = > grpc::SslServerCredentials(sslOps); ServerBuilder builder; > builder.AddListeningPort(server_address, creds); GreeterServiceImpl > service; > builder.RegisterService(&service); > std::unique_ptr < Server > server ( builder.BuildAndStart () ); > std::cout << "Server listening on " << server_address << std::endl; > server->Wait (); > > client codes: > std::string cert; > std::string key; > std::string root; > read("E:\\DataCert\\ca.pem", root); > grpc::SslCredentialsOptions opts; > opts.pem_root_certs = root; > grpc::ChannelArguments cargs; > cargs.SetSslTargetNameOverride("foo.test.google.fr"); > std::string server{ "192.168.20.182:30051" }; > std::unique_ptr<Greeter::Stub> stub_ = > Greeter::NewStub(grpc::CreateCustomChannel(server, > grpc::SslCredentials(opts), cargs)); > //std::unique_ptr<Greeter::Stub> stub_ = > Greeter::NewStub(grpc::CreateChannel(server, > grpc::InsecureChannelCredentials())); > std::string user ( "world" ); > HelloRequest request; > request.set_name(user); > HelloReply reply; > ClientContext context; > Status status = stub_->SayHello(&context, request, &reply); > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/cd744844-098f-4147-b7f1-7aba296ccf15n%40googlegroups.com.