gRPC“证书验证失败”-C＃服务器和C ++客户端

Question

我在GRPC应用程序中实施SSL时遇到问题。 服务器基于Unity / C＃，客户端从C ++连接。没有安全的连接，一切都可以正常运行。 我以为我使用的SSL密钥有问题。

这是我生成SSL密钥的方式（我使用localhost作为通用名）：

openssl genpkey -algorithm RSA -out rootCA.key
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.crt
openssl genpkey -algorithm RSA -out localhost.key
openssl req -new -key localhost.key -out localhost.csr
openssl x509 -req -in localhost.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out localhost.crt -days 3650 -sha256

我的C＃服务器代码：

private void SetUpServer()
{
    var sslKey = KeyPem.text; // localhost.key file
    var sslCert = CertPem.text; // localhost.crt file
    _server = new Server(new List<ChannelOption>
    {
        new ChannelOption(ChannelOptions.MaxSendMessageLength, MaxMessageSize),
        new ChannelOption(ChannelOptions.MaxReceiveMessageLength, MaxMessageSize)
    })
    {
        Services =
        {
            VertexStream.BindService(new VertexStreamServerImpl(VertexService, exampleVertices, exampleTriangles)),
            RobotData.BindService(new RobotDataServerImpl(RobotService))
        },
        Ports = {new ServerPort(Ip, Port, new SslServerCredentials(new List<KeyCertificatePair> {new KeyCertificatePair(sslCert, sslKey)}))},
    };
    _server.Start();
}

我的C ++客户端代码：

auto ssl_options = grpc::SslCredentialsOptions();
ssl_options.pem_cert_chain = "[localhost.crt content]";
ssl_options.pem_private_key = "[localhost.key content]";
ssl_options.pem_root_certs = "[rootCA.crt content]";
auto channel_creds = grpc::SslCredentials(ssl_options);
auto channel_arguments = grpc::ChannelArguments();
channel_arguments.SetMaxReceiveMessageSize(MAX_MESSAGE_SIZE);
channel_arguments.SetMaxSendMessageSize(MAX_MESSAGE_SIZE);
const std::shared_ptr<Channel> &channel = CreateCustomChannel(IP ":" PORT, channel_creds, channel_arguments); //TODO define IP and port
VertexStreamingService vertexStreamingService(channel);
RobotDataService robotDataService(channel);

当我调用第一个远程函数（即robotDataService.requestInitialPosition()）时，我得到一个错误：

E0903 11:36:08.390065443  522774 ssl_transport_security.cc:1395] Handshake failed with fatal error SSL_ERROR_SSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed.
E0903 11:36:18.383416475  522778 ssl_transport_security.cc:1395] Handshake failed with fatal error SSL_ERROR_SSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed.

我已经尝试了几种生成和包含key / crt文件的方法，但是到目前为止还没有成功。我需要代码才能在本地网络上工作而无需访问全球互联网，所以我认为我不能使用远程证书颁发机构。