doushen9863 2019-02-27 02:15
浏览 379

GRPC Golang服务器和NodeJS客户端。 TLS连接失败

Everything works fine when I don't use TLS. But when I do, it does not connect. More details:

I have configured the Golang GRPC server exactly like how this blog says in Mutual TLS with Certificate Authority section. The server is up and running just fine.

Now I have a client written in NodeJS, trying to send some data through grpc. I have configured the NodeJS like below:

var PROTO_PATH = __dirname + '/protos/log.proto';
var grpc = require('grpc');
var protoLoader = require('@grpc/proto-loader');
var packageDefinition = protoLoader.loadSync(
    {keepCase: true,
     longs: String,
     enums: String,
     defaults: true,
     oneofs: true
var ssl_creds = grpc.credentials.createSsl(fs.readFileSync('ssl/ca.crt'), fs.readFileSync('ssl/client.key'), fs.readFileSync('ssl/client.crt'));

var log_proto = grpc.loadPackageDefinition(packageDefinition).log;
var client = new log_proto.LogData('<IP>:<PORT>',ssl_creds); 

I created the certificates like how it is mentioned here: Ofcourse, i did see this comment:

I am still seeing the error when I run NodeJS client:

{ Error: 14 UNAVAILABLE: Connect Failed
at Object.exports.createStatusError (/app/node_modules/grpc/src/common.js:91:15)
at Object.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:1204:28)
at InterceptingListener._callNext (/app/node_modules/grpc/src/client_interceptors.js:568:42)
at InterceptingListener.onReceiveStatus (/app/node_modules/grpc/src/client_interceptors.js:618:8)
at callback (/app/node_modules/grpc/src/client_interceptors.js:845:24)
code: 14,
metadata: Metadata { _internal_repr: {} },
details: 'Connect Failed' }

Certificate details: SSLv3 TLSv1.2


I added env variable GRPC_VERBOSITY as DEBUG and found the following: Peer name <IP> is not in peer certificate

  • 写回答

1条回答 默认 最新

  • douzhuangna6906 2019-02-27 03:32

    So the issue was that the certificate couldn't hold IP address as the hostname. It should have a name and not an IP - fixed it by providing a name and overriding the target name.

    const options = {
      'grpc.ssl_target_name_override' : 'simple-host',
      'grpc.default_authority': 'simple-host'
    var client = new log_proto.LogData('<IP>:<PORT>',ssl_creds,options); 
    本回答被题主选为最佳回答 , 对您是否有帮助呢?



  • ¥15 YOLOv8已有一个初步的检测模型,想利用这个模型对新的图片进行自动标注,生成labellmg可以识别的数据,再手动修改。如何操作?
  • ¥30 NIRfast软件使用指导
  • ¥20 matlab仿真问题,求功率谱密度
  • ¥15 求micropython modbus-RTU 从机的代码或库?
  • ¥15 django5安装失败
  • ¥15 Java与Hbase相关问题
  • ¥15 后缀 crn 游戏文件提取资源
  • ¥20 bash代码推送不上去 git fetch origin master #失败了
  • ¥15 LOL外服加入了反作弊系统,现在游戏录像rofl文件离线都无法打开
  • ¥15 在centos7安装conda