C ++ GRPC客户端和golang服务器之间的连接错误

时间:2017-03-22 21:51:57

标签: c++ ssl go grpc

我正在尝试编写一个与C ++和golang客户端对话的GRPC服务器。由于这都是我们系统内部的,因此将有一个签署服务器证书的自签名证书,服务器将签署客户端证书。

我能够从golang客户端连接到服务器。但是,C ++客户端没有连接,我从ssl层看到了一堆错误。我在配置C ++ grpc客户端时做错了什么?

(我的证书目前都使用2048位RSA密钥)

以下是我认为相同的客户端代码(错误处理省略):

Golang:

import (
    "crypto/tls"
    "io/ioutil"
    "google.golang.org/grpc"
    "google.golang.org/grpc/credentials"
)

func getConnection(hostPort string) (*grpc.ClientConn, error) {
    var config tls.Config
    cert, _ := tls.LoadX509KeyPair("client.crt", "client.key")
    config.Certificates = append(config.Certificates, cert)
    b, _ := ioutil.ReadFile("root.crt")
    config.RootCAs.AppendCertsFromPEM(b)

    options := grpc.WithTransportCredentials(credentials.NewTLS(config))
    return grpc.Dial(hostPort, options)
}

C ++:

#include <fstream>
#include <string>
#include <grpc++/grpc++.h>

std::shared_ptr<grpc::Channel> get_connection(const std::string& host_port) {
    auto contents = [](const std::string& filename) -> std::string {
        std::ifstream fh(filename);
        std::stringstream buffer;
        buffer << fh.rdbuf();
        fh.close();
        return buffer.str();
    };

    auto ssl_options = grpc::SslCredentialsOptions();
    ssl_options.pem_cert_chain = contents("client.crt");
    ssl_options.pem_private_key = contents("client.key");
    ssl_options.pem_root_certs = contents("root.crt");
    auto creds = grpc::SslCredentials(ssl_options);
    auto channel = grpc::CreateChannel(hostport, creds);
}

我的错误讯息:

C ++客户端错误消息

D0322 14:42:12.882767371   11701 env_linux.c:77]             Warning: insecure environment read function 'getenv' used
getting job record
E0322 14:42:12.930157873   11701 ssl_transport_security.c:945] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
E0322 14:42:12.930231627   11701 handshake.c:128]            Security handshake failed: {"created":"@1490218932.930210185","description":"Handshake failed","file":"src/core/lib/security/transport/handshake.c","file_line":264,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
E0322 14:42:12.964082644   11701 ssl_transport_security.c:945] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
E0322 14:42:12.964134746   11701 handshake.c:128]            Security handshake failed: {"created":"@1490218932.964114213","description":"Handshake failed","file":"src/core/lib/security/transport/handshake.c","file_line":264,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
std::string JobServerClient::getJobRecord(const string&) const: GRPC connection error 14 []

Golang客户端错误消息

2017/03/22 17:42:12 grpc: Server.Serve failed to create ServerTransport:  connection error: desc = "transport: EOF"
2017/03/22 17:42:12 grpc: Server.Serve failed to create ServerTransport:  connection error: desc = "transport: EOF"

我可以做些什么额外的调试来确定C ++客户端出错的地方?

1 个答案:

答案 0 :(得分:1)

错误消息是由运行C ++代码的系统上不信任所呈现的证书引起的。

如果您使用自签名证书,则需要将根签名密钥添加到该系统上的ca-certificates或配置C ++代码以读取和识别该根签名密钥。

如果您提供有关代码中密钥的更多信息(我假设root.crt是您的根签名密钥),则可能有人可以为您提供更具体的帮助。