[ruby] request and require client certificate but don't verify


miny...@carbon3d.com

May 4, 2017, 1:25:02 PM
to grpc.io
Hello,

Is it possible to have a ruby grpc server request and require a client certificate but not verify it? We have application logic that verifies the client certificate in other ways and so don't have a CA signing all the client certificates.

In C++, it looks like you can set GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY on grpc::SslServerCredentialsOptions, but that doesn't seem to be exposed in ruby.

On a related note, is it possible for the client (this time C++) to not verify the server certificate? I didn't find any obvious flags that I could set on grpc::SslCredentialsOptions (which is used to create the ChannelCredentials).

Thanks

Abhishek Parmar

May 4, 2017, 5:49:44 PM
to Min-Young Wu, Michael Lumish, grpc.io
+Michael in case he has a quick answer.


--
-Abhishek

apo...@google.com

Jun 6, 2017, 6:05:01 PM
to grpc.io, Yang Gao
Sorry for the delay here. 

Indeed as is in ruby, the only exposed client certificate request types are GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY and GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE.

(This is exposed through the final parameter of the ServerCredentials constructor,

Yang Gao

Jun 7, 2017, 1:59:45 PM
to Alexander Polcyn, grpc.io
On the client side, I do not think you will have a way to completely disable checking. The closest you can get is to use ChannelArguments::SetSslTargetNameOverride to set the proper name from the server side cert.
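
The first post mentions application logic that checks client certificates without a signing CA. One way such a check can look, as an added example that is not code from this thread or from gRPC: it pins the SHA-256 fingerprint of each enrolled certificate and still enforces the validity window. It assumes the certificate PEM is handed over by whatever layer terminated TLS; `check_client_cert`, `cert_fingerprint`, the pin set and the sample certificates are hypothetical or constructed.

```ruby
require "openssl"
require "set"

# Outcome of the application-level check; `reason` is meant for logging.
PinResult = Struct.new(:ok, :reason)

# SHA-256 over the DER encoding of the whole certificate, as lowercase hex.
def cert_fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# pem:  client certificate as PEM text (assumed to be supplied by the TLS layer)
# pins: Set of fingerprints enrolled out of band (hypothetical allowlist)
def check_client_cert(pem, pins, now: Time.now)
  return PinResult.new(false, :missing) if pem.nil? || pem.strip.empty?
  cert = OpenSSL::X509::Certificate.new(pem)
  return PinResult.new(false, :not_yet_valid) if now < cert.not_before
  return PinResult.new(false, :expired) if now > cert.not_after
  return PinResult.new(false, :unknown_certificate) unless pins.include?(cert_fingerprint(cert))
  PinResult.new(true, :pinned)
rescue OpenSSL::X509::CertificateError
  PinResult.new(false, :unparseable)
end

# Constructed sample input: a throwaway self-signed certificate, no CA involved.
def sample_cert_pem(cn, not_before, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest::SHA256.new)
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now
  enrolled = sample_cert_pem("device-a", now - 60, now + 3600)
  stranger = sample_cert_pem("device-a", now - 60, now + 3600) # same name, different key
  pins = Set[cert_fingerprint(OpenSSL::X509::Certificate.new(enrolled))]
  p check_client_cert(enrolled, pins).reason # :pinned
  p check_client_cert(stranger, pins).reason # :unknown_certificate
end
```

The subject name plays no part in the decision: a certificate nobody signed can carry any name, so only the enrolled fingerprint identifies the client.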