Unable to set-up SSL on gRPC server. org/eclipse/jetty/alpn/ALPN ClassNotFound.

[mrsha...@gmail.com]

I want to set-up SSL on my GRPC server. Here is what I'm doing:

 File certChain = new File("conf/server.crt");
 File privateKey = new File("conf/pkcs8_key.pem");


 Server server = NettyServerBuilder.forPort(8080)
 .useTransportSecurity(certChain, privateKey)
 .addService(new HelloWorldService())
 .build();

I am getting following error stack:

Exception in thread "main" java.lang.IllegalArgumentException: Jetty ALPN/NPN has not been properly configured.
 at io.grpc.netty.GrpcSslContexts.selectApplicationProtocolConfig(GrpcSslContexts.java:162)
 at io.grpc.netty.GrpcSslContexts.configure(GrpcSslContexts.java:136)
 at io.grpc.netty.GrpcSslContexts.configure(GrpcSslContexts.java:124)
 at io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:104)
 at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:404)
 at server.MyServer.main(MyServer.java:22)
Caused by: java.lang.ClassNotFoundException: org/eclipse/jetty/alpn/ALPN
 at java.lang.Class.forName0(Native Method)
 at java.lang.Class.forName(Class.java:348)
 at io.grpc.netty.JettyTlsUtil.isJettyAlpnConfigured(JettyTlsUtil.java:34)
 at io.grpc.netty.GrpcSslContexts.selectApplicationProtocolConfig(GrpcSslContexts.java:153)
 ... 5 more

Here is my gradle dependency block:

dependencies {
    compile("io.grpc:grpc-netty:1.7.0")
    compile("io.grpc:grpc-protobuf:1.7.0")
    compile("io.grpc:grpc-stub:1.7.0")
 
 compile group: 'io.netty', name: 'netty-handler', version: '4.1.16.Final'
 compile group: 'io.netty', name: 'netty-tcnative-boringssl-static', version: '2.0.6.Final'
 compile group: 'com.google.gradle', name: 'osdetector-gradle-plugin', version: '1.2.1'
 
}

Grpc doesn't think I have OpenSSL as SSLProvider available.

  private static SslProvider defaultSslProvider() {
    return OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;
  }

Yet, for OpenSSL to be available, I need netty-tcnative-boringssl-static on my classpath. Which I have.

Even with JDK as SSLProvider, I don't understand why can't it load class in this grpc internal method:

  static synchronized boolean isJettyAlpnConfigured() {
    try {
      Class.forName("org.eclipse.jetty.alpn.ALPN", true, null);
      return true;
    } catch (ClassNotFoundException e) {
      jettyAlpnUnavailabilityCause = e;
      return false;
    }
  }

I do have ALPN in my classpath, as well.

Any help is appreciated!!

[Jaroslav Gorskov]

EDIT: I added a -javaagent JVM argument and pointed it to ALPN. Apparently it should be executed before the jvm main. The question about why doesn't grpc recognize I have OpenSSL available is still open.

чт, 1 нояб. 2018 г. в 16:25, <mrsha...@gmail.com>:

--
You received this message because you are subscribed to a topic in the Google Groups "grpc.io" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/grpc-io/v3saMxqOVOw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to grpc-io+u...@googlegroups.com.
To post to this group, send email to grp...@googlegroups.com.
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/0377d3cb-91aa-40bf-9850-acebc5bfbc97%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Carl Mastrangelo]

Random guess, but doesn't tcnative need to be a stonger dependency than compile?  It needs to be a compile+runtime dependency.

[din...@wepay.com]

This can be fixed by using "netty-tcnative-boringssl-static" library.