Everything works fine when I don't use TLS. But when I do, it does not connect. More details:
I have configured the Golang GRPC server exactly like how this blog says https://bbengfort.github.io/programmer/2017/03/03/secure-grpc.html in Mutual TLS with Certificate Authority section. The server is up and running just fine.
Now I have a client written in NodeJS, trying to send some data through grpc. I have configured the NodeJS like below:
var PROTO_PATH = __dirname + '/protos/log.proto';
var grpc = require('grpc');
var protoLoader = require('@grpc/proto-loader');
var packageDefinition = protoLoader.loadSync(
PROTO_PATH,
{keepCase: true,
longs: String,
enums: String,
defaults: true,
oneofs: true
});
var ssl_creds = grpc.credentials.createSsl(fs.readFileSync('ssl/ca.crt'), fs.readFileSync('ssl/client.key'), fs.readFileSync('ssl/client.crt'));
var log_proto = grpc.loadPackageDefinition(packageDefinition).log;
var client = new log_proto.LogData('<IP>:<PORT>',ssl_creds); I created the certificates like how it is mentioned here: https://github.com/grpc/grpc/issues/6757. Ofcourse, i did see this comment: https://github.com/grpc/grpc/issues/6757#issuecomment-264617793.
I am still seeing the error when I run NodeJS client:
{ Error: 14 UNAVAILABLE: Connect Failed
at Object.exports.createStatusError (/app/node_modules/grpc/src/common.js:91:15)
at Object.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:1204:28)
at InterceptingListener._callNext (/app/node_modules/grpc/src/client_interceptors.js:568:42)
at InterceptingListener.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:618:8)
at callback (/app/node_modules/grpc/src/client_interceptors.js:845:24)
code: 14,
metadata: Metadata { _internal_repr: {} },
details: 'Connect Failed' }Certificate details: SSLv3 TLSv1.2
EDIT:
I added env variable GRPC_VERBOSITY as DEBUG and found the following: Peer name <IP> is not in peer certificate
</div>
