Thanks for your reply.
In `GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE` mode, the client needs to 
verify the server, and the server needs to send the server certificate to 
the client. These processes should also be under the TLS protocol, but 
through the packet capture, there is no TLS.
[image: 微信截图_20220215171404.png]

On Thursday, February 17, 2022 at 02:59:19 UTC+8, <yas...@google.com> wrote:

> Note that you are using `GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE`. In 
> that mode, the server does not request (nor require) client certificates.
>
> If you want the server to require client certificates, you could use 
> `GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY` instead of 
> `GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE`.
>
> Also, note that in your client code, you would need to set the private key 
> or the cert chain.
>
> On Tuesday, February 15, 2022 at 7:56:56 PM UTC-8 吴烨烽 wrote:
>
>> Here are two questions.
>>
>> Q1. Why can the client communicate with the server?
>>
>> step1: The server configures SslServerCredentials (including server 
>> certificate and private key) to listen on the port.
>> step2: The client configures InsecureChannelCredentials to create the 
>> channel.
>>
>> Q2. The client can communicate with the server, but the Wireshark packet 
>> capture shows that it is not TLS.
>>
>> step1: The server configures SslServerCredentials (including server 
>> certificate and private key) to listen on the port.
>> step2: The client configures SslCredentials (including CA certificates) 
>> to create a channel.
>>
>> Server code:
>>
>> std::string server_address("0.0.0.0:30051");
>> std::string key;
>> std::string cert;
>> read("E:\\DataCert\\server1.pem", cert);
>> read("E:\\DataCert\\server1.key", key);
>> grpc::SslServerCredentialsOptions::PemKeyCertPair keycert = { key, cert };
>> // Server-authenticated TLS only: no client certificate is requested.
>> grpc::SslServerCredentialsOptions sslOps(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE);
>> sslOps.pem_key_cert_pairs.push_back(keycert);
>> std::shared_ptr<grpc::ServerCredentials> creds = grpc::SslServerCredentials(sslOps);
>> ServerBuilder builder;
>> builder.AddListeningPort(server_address, creds);
>> GreeterServiceImpl service;
>> builder.RegisterService(&service);
>> std::unique_ptr<Server> server(builder.BuildAndStart());
>> std::cout << "Server listening on " << server_address << std::endl;
>> server->Wait();
>>
>> Client code:
>>
>> std::string cert;
>> std::string key;
>> std::string root;
>> read("E:\\DataCert\\ca.pem", root);
>> grpc::SslCredentialsOptions opts;
>> opts.pem_root_certs = root;  // CA used to verify the server certificate
>> grpc::ChannelArguments cargs;
>> // Name to check against the server certificate instead of the IP address.
>> cargs.SetSslTargetNameOverride("foo.test.google.fr");
>> std::string server{ "192.168.20.182:30051" };
>> std::unique_ptr<Greeter::Stub> stub_ = Greeter::NewStub(
>>     grpc::CreateCustomChannel(server, grpc::SslCredentials(opts), cargs));
>> // Insecure variant used for Q1:
>> //std::unique_ptr<Greeter::Stub> stub_ = Greeter::NewStub(grpc::CreateChannel(server, grpc::InsecureChannelCredentials()));
>> std::string user("world");
>> HelloRequest request;
>> request.set_name(user);
>> HelloReply reply;
>> ClientContext context;
>> Status status = stub_->SayHello(&context, request, &reply);
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"grpc.io" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/grpc-io/10d292f0-4532-4118-9417-65ad9b1d3808n%40googlegroups.com.
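
One way to check what a capture on port 30051 actually contains is to classify the first payload bytes the client sends: a TLS channel starts with a TLS handshake record carrying a ClientHello, while a gRPC channel without TLS starts with the cleartext HTTP/2 connection preface. The following is an added example, not code from this thread or from the gRPC project; `WireKind`, `classify_first_bytes` and `wire_kind_name` are hypothetical names, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

enum class WireKind { TlsClientHello, TlsOtherRecord, Http2Cleartext, Unknown };

// Classify the first payload bytes a client sends on a new TCP connection.
WireKind classify_first_bytes(const std::vector<uint8_t>& b) {
    // HTTP/2 client connection preface: what a gRPC channel sends first when
    // it runs without TLS.
    static const char kPreface[] = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n";
    const std::size_t preface_len = sizeof(kPreface) - 1;  // 24 bytes
    if (b.size() >= preface_len && std::memcmp(b.data(), kPreface, preface_len) == 0)
        return WireKind::Http2Cleartext;

    // TLS record header: content type (1) | version (2) | length (2).
    if (b.size() < 5) return WireKind::Unknown;
    const bool type_ok = b[0] >= 20 && b[0] <= 23;  // ccs, alert, handshake, app data
    const bool version_ok = b[1] == 0x03 && b[2] <= 0x04;
    const std::size_t len = (static_cast<std::size_t>(b[3]) << 8) | b[4];
    if (!type_ok || !version_ok || len == 0 || len > 16384 + 2048)
        return WireKind::Unknown;
    // Handshake record (22) whose first message type is ClientHello (1).
    if (b[0] == 22 && b.size() >= 6 && b[5] == 0x01) return WireKind::TlsClientHello;
    return WireKind::TlsOtherRecord;
}

const char* wire_kind_name(WireKind k) {
    switch (k) {
        case WireKind::TlsClientHello: return "TLS ClientHello";
        case WireKind::TlsOtherRecord: return "TLS record";
        case WireKind::Http2Cleartext: return "cleartext HTTP/2 (no TLS)";
        default: return "unknown";
    }
}

int main() {
    // Constructed sample payloads, not taken from the capture in the thread.
    const std::string preface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n";
    const std::vector<uint8_t> plain(preface.begin(), preface.end());
    const std::vector<uint8_t> hello = {0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc};
    std::printf("plain: %s\n", wire_kind_name(classify_first_bytes(plain)));
    std::printf("hello: %s\n", wire_kind_name(classify_first_bytes(hello)));
    return 0;
}
```

Feed it the first data segment of the client-to-server direction; it looks at the raw bytes only, independent of how a protocol analyzer labels the stream.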
