gRPC SSL connection to Etcdv3 cluster problem

[klemen.f...@gmail.com]

Hi,

I'm having a problem connecting to a etcd v3 database with gRPC using SSL in C++. I create the grpc::Channel like this:

grpc::CreateChannel(url, grpc::SslCredentials(grpc::SslCredentialsOptions{}));

This is the error I get:

14.998631627   24325 security_handshaker.c:126]  Security handshake failed: {"created":"@1501495154.998615545","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/transport/security_connector.c","file_line":591}

I0731 02:59:14.999175217   24325 subchannel.c:707]           Connect failed: {"created":"@1501495154.998615545","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/transport/security_connector.c","file_line":591}

I0731 02:59:14.999456787   24325 subchannel.c:503]           Retry in 19.652596073 seconds

I also tried using the etcd client supplied by coreos, which uses the gRPC-Go and it does work, but also outputs this error:

grpc: Failed to dial portal298-3.etcd-recognition.reveel-technologies.composedb.com:16217: connection error: desc = "transport: context canceled"; please retry.

Does anyone have any idea what might be wrong?

Thanks in advance,

Klemen

[klemen.f...@gmail.com]

Hi again,

in case anyone in the future stumbles upon this thread, I "solved" this problem by disabling the checking of ALPN here. By commenting out the range from 587 to 596, I can successfully connect now. I realise this isn't perfect, but the Compose guys wouldn't rebuild their haproxy to enable ALPN.

I wonder though, how come doesn't the grpc-go implementation have this check?

Cheers,

Klemen