Hi, >From the error message, most likely the certificate verification failed because the certificate sent from the server is not trusted by your client. You might want to use OpenSSL to check if the cert chain sent from server are trusted by root cert located at "../roots.crt". This is important for establishing a TLS connection. GRPC_TLS_SKIP_ALL_SERVER_VERIFICATION is dangerous, since itself doesn't provide any mechanism for verification. In most cases that should be combined with some customized checks, and I highly discourage its usages in any of the production code, without any additional checks.
On Friday, February 26, 2021 at 11:20:35 AM UTC-8 Mark D. Roth wrote: > Are you connecting via an HTTP CONNECT proxy? If so, you should be able > to do this simply by setting the $grpc_proxy environment variable to point > at your proxy. > > Zhen (CC'ed) can check your SSL creds code to make sure it looks right. > > On Thu, Feb 25, 2021 at 8:04 AM Yuriy Hashev <[email protected]> wrote: > >> I wrote a simple client to work with some server. Everything works fine >> with direct access. >> But, if I declare the variable, I get the error "Handshake failed with >> fatal error SSL_ERROR_SSL: error:1000007d:SSL >> routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED." >> >> This is my code for making connection >> >> string root = read_keycert("../roots.crt"); >> grpc::SslCredentialsOptions ssl_opts; >> ssl_opts.pem_root_certs = root; >> ssl_opts.pem_private_key = ""; >> ssl_opts.pem_cert_chain = ""; >> >> channel_creds = grpc::SslCredentials(ssl_opts); >> channel = grpc::CreateChannel(URL, channel_creds); >> stub = vox::tts::TTS::NewStub(channel); >> >> I guess i need to make a connection with a parameter >> GRPC_TLS_SKIP_ALL_SERVER_VERIFICATION. But I don't understand how. >> >> I need a small example. Thanks. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "grpc.io" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/grpc-io/85f4aee1-c21f-4b53-a6d9-d052323804d8n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/grpc-io/85f4aee1-c21f-4b53-a6d9-d052323804d8n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > > > -- > Mark D. Roth <[email protected]> > Software Engineer > Google, Inc. > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/17911bf4-ee2c-4e46-938d-512f2a4aea3dn%40googlegroups.com.
