#grpc node client allow signed certificate

女生的网名这么多〃 submitted on 2020-06-29 04:04:34

Question


I have a self-signed gRPC service on the server, and got it working for a Dart server with a Dart client. But I could not figure out how to bypass or allow a self-signed certificate for the Node client. I've tried this:

const sslCreds = await grpc.credentials.createSsl(
  fs.readFileSync('./ssl/client.crt'),
  null, // privatekey
  null, // certChain
  {
    checkServerIdentity: function(host, info) {
      console.log('verify?', host, info);
      if (
        host.startsWith('127.0.0.1') ||
        host.startsWith('logs.example.com')
      ) {
        return true;
      }
      console.log('verify other?', host);
      return true;
    },
  },
);

// sslCreds.options.checkServerIdentity = checkCert;

const gLogClient = new synagieLogGrpc.LoggerClient(
  'host:port',
  sslCreds,
);

But when I make a call, my checkServerIdentity validation is not called.

Does anyone have any clue?


Answer 1:


After checking out multiple GitHub issues and testing for 2 days, this code below works. The critical point is that the actual host:port is the destination, which could be localhost, but we will need to override the SSL target name with the actual generated SSL domain.

For a sample of TLS generation: https://github.com/grpc/grpc-node/issues/1451

const host = 'localhost';
const port = 8088;
const hostPort = `${host}:${port}`;
const gLogClient = new synagieLogGrpc.LoggerClient(hostPort, sslCreds, {
  'grpc.ssl_target_name_override': 'actual_tlsdomain.example.com',
});


Source: https://stackoverflow.com/questions/62108009/grpc-node-client-allow-signed-certificate
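
Why the name override in the answer is needed, as an added example that is not part of the original question or answer: it uses Node's built-in tls.checkServerIdentity as a stand-in for the client's hostname check (an assumption, the gRPC library's own check is not shown on this page). The certificate fields are constructed, and channelOptionsFor is a hypothetical helper.

```javascript
const tls = require('tls');

// Constructed certificate fields, in the shape tls.getPeerCertificate() returns.
// The name is the answer's placeholder domain, not a real certificate.
const constructedCert = {
  subject: { CN: 'actual_tlsdomain.example.com' },
  subjectaltname: 'DNS:actual_tlsdomain.example.com',
};

// Returns null when `name` is covered by the certificate, otherwise the reason.
function nameMismatch(name, cert) {
  const err = tls.checkServerIdentity(name, cert);
  return err ? err.message : null;
}

// Hypothetical helper: choose channel options for a dial host.
// Sets the override only when the dial host is not in the certificate, and
// refuses an override name that the certificate does not actually contain.
function channelOptionsFor(dialHost, certName, cert) {
  if (nameMismatch(dialHost, cert) === null) return {};
  const reason = nameMismatch(certName, cert);
  if (reason !== null) {
    throw new Error(`override name rejected: ${reason}`);
  }
  return { 'grpc.ssl_target_name_override': certName };
}

// Dialing localhost fails the name check; the certificate's own name passes.
console.log(nameMismatch('localhost', constructedCert));
console.log(
  channelOptionsFor('localhost', 'actual_tlsdomain.example.com', constructedCert),
);
```

The override changes only the name that is compared against the certificate; the chain is still validated against the root certificate passed to createSsl.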
