那些遇到过的问题

gRPC 客户端无法使用 TLS 证书连接到服务器

zze*_*ell 5 python ssl grpc

我正在尝试使用 gRPC 与 TLS 证书建立加密连接。由于连接不安全,一切正常,我也尝试使用 Go 编写的客户端,它也能正常工作。但是使用 Python 我收到以下错误:

grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
        status = StatusCode.UNAVAILABLE
        details = "failed to connect to all addresses"
        debug_error_string = "{"created":"@1565190346.229323178","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3528,"referenced_errors":
[{"created":"@1565190346.229314131","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":399,"grpc_status":14}]}"
Run Code Online (Sandbox Code Playgroud)

这是我客户的代码:

grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
        status = StatusCode.UNAVAILABLE
        details = "failed to connect to all addresses"
        debug_error_string = "{"created":"@1565190346.229323178","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3528,"referenced_errors":
[{"created":"@1565190346.229314131","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":399,"grpc_status":14}]}"
Run Code Online (Sandbox Code Playgroud)

有什么建议?

更新

这是带有GRPC_TRACEGRPC_VERBOSITY环境变量的输出。

credentials = grpc.ssl_channel_credentials()
channel = grpc.secure_channel('127.0.0.1:9332', credentials)
stub = srv_pb2_grpc.SrvStub(channel)
response = stub.Action(msg='msg')
Run Code Online (Sandbox Code Playgroud) 
I0808 11:24:21.077552208   28357 ev_epoll1_linux.cc:116]     grpc epoll fd: 3                                                                                                                                        
D0808 11:24:21.077580061   28357 ev_posix.cc:174]            Using polling engine: epoll1                                                                                                                            
D0808 11:24:21.077622131   28357 dns_resolver_ares.cc:483]   Using ares dns resolver                                                                                                                                 
E0808 11:24:21.077633004   28357 trace.cc:65]                Unknown trace var: 'transport_security'                                                                                                                 
I0808 11:24:21.402168083   28357 ssl_transport_security.cc:217]      HANDSHAKE START -       TLS client start_connect  - !!!!!!                                                                                      
I0808 11:24:21.402353776   28357 ssl_transport_security.cc:217]                 LOOP -    TLS client enter_early_data  - !!!!!!                                                                                      
I0808 11:24:21.402387194   28357 ssl_transport_security.cc:217]                 LOOP -   TLS client read_server_hello  - !!!!!!                                                                                      
I0808 11:24:21.606877030   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_server_certifi  - !!!!!!                                                                                      
I0808 11:24:21.607580283   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_certificate_st  - !!!!!!                                                                                      
I0808 11:24:21.607612862   28357 ssl_transport_security.cc:217]                 LOOP - TLS client verify_server_certi  - !!!!!!                                                                                      
I0808 11:24:21.613300944   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_server_key_exc  - !!!!!!                                                                                      
I0808 11:24:21.614718867   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_certificate_re  - !!!!!!                                                                                      
I0808 11:24:21.614762602   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_server_hello_d  - !!!!!!                                                                                      
I0808 11:24:21.614782664   28357 ssl_transport_security.cc:217]                 LOOP - TLS client send_client_certifi  - !!!!!!                                                                                      
I0808 11:24:21.614798210   28357 ssl_transport_security.cc:217]                 LOOP - TLS client send_client_key_exc  - !!!!!!
I0808 11:24:21.616791101   28357 ssl_transport_security.cc:217]                 LOOP - TLS client send_client_certifi  - !!!!!!
I0808 11:24:21.616817014   28357 ssl_transport_security.cc:217]                 LOOP - TLS client send_client_finishe  - !!!!!!
I0808 11:24:21.616891441   28357 ssl_transport_security.cc:217]                 LOOP -       TLS client finish_flight  - !!!!!!
I0808 11:24:21.616916680   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_session_ticket  - !!!!!!
I0808 11:24:21.811575115   28357 ssl_transport_security.cc:217]                 LOOP - TLS client process_change_ciph  - !!!!!!
I0808 11:24:21.811645429   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_server_finishe  - !!!!!!
I0808 11:24:21.811706483   28357 ssl_transport_security.cc:217]                 LOOP - TLS client finish_client_hands  - !!!!!!
I0808 11:24:21.811745454   28357 ssl_transport_security.cc:217]                 LOOP -                TLS client done  - !!!!!!
I0808 11:24:21.811763000   28357 ssl_transport_security.cc:217]       HANDSHAKE DONE -                TLS client done  - !!!!!!
D0808 11:24:21.811984315   28357 security_handshaker.cc:176] Security handshake failed: {"created":"@1565252661.811954686","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/security_connector/ssl_utils.cc","file_line":129}
I0808 11:24:21.812313765   28357 subchannel.cc:1031]         Connect failed: {"created":"@1565252661.811954686","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/security_connector/ssl_utils.cc","file_line":129}
Run Code Online (Sandbox Code Playgroud)

小智 4

The recent versions of the PIP grpcio package (1.23.0) is compiled with an older version of OpenSSL that doesn't properly support ALPN, and GRPC requires ALPN as part of the specification.

如果你 pip install grpcio~=1.19.0 它会工作,由于一个不同的错误——这个版本的 grpcio 根本不需要 ALPN。

ALPN 只是性能改进,因此禁用它不会带来安全风险。

归档时间:

查看次数:

4426 次

最近记录:

5 年,2 月 前
相关归档
如何并行化一个简单的Python循环? 200
如果列表索引存在,请执行X. 115
这个时间复杂度实际上是O(n ^ 2)吗? 82
Django Admin:OneToOne关系作为内联? 61
在localhost上设置(https)用于流星开发的SSL 18
管理多租户网站的SSL证书 7
IE 7+中的SSL证书不匹配,Firefox 3.6+中的OK 5
HttpWebrequest上的另一个失败,内部异常身份验证失败,因为远程方已关闭传输流 2
使用AngularJS在客户端计算机上进行代码安全性 1
NodeJS加密的HTTPS响应正文 0
难疑归档
如何重命名本地Git分支? 8033
如何在特定索引(JavaScript)的数组中插入项? 2709
确定已安装的PowerShell版本 2543
CSS三角形如何工作? 1791
如何为C#Auto-Property提供默认值? 1773
SQL Server中的LEFT JOIN与LEFT OUTER JOIN 1514
enctype ='multipart/form-data'是什么意思? 1290
检查jQuery中是否存在元素 1209
Git:如何在项目提交历史中找到已删除的文件? 1183
将绘图保存到图像文件,而不是使用Matplotlib显示它 1060