Disable Hostname Varification at client-side
67 views
Skip to first unread message
Alveena Rifat
Apr 4, 2025, 12:05:46 PM4/4/25
to grpc.io
I want to disable hostname verification at client side without using the args.SetSslTargetNameOverride() function. I have the following piece of code where I want to wrap around the low-level-C-style grpc_channel_credentials to C++-style ChannelCredentials and can not really find a wrapper for it. The gRPC lib does not even provide one. std::shared_ptr<grpc::Channel> createSecureChannel(const std::string& p_proxyPortIp,
std::shared_ptr<Config::TLSConfig> p_tlsConfig)
{
// Extract the TLS details from the configuration
std::string certPath = readFileToString(p_tlsConfig->getCertificateLocation());
std::string keyPath = readFileToString(p_tlsConfig->getPrivateKeyLocation());
std::string rootCertPath = readFileToString(p_tlsConfig->getTrustedAuthorityLocation());
grpc_ssl_verify_peer_options verify_options;
verify_options.verify_peer_callback = &ProtoBaseChannel::skip_hostname_verification;
std::shared_ptr<Config::TLSConfig> p_tlsConfig)
{
// Extract the TLS details from the configuration
std::string certPath = readFileToString(p_tlsConfig->getCertificateLocation());
std::string keyPath = readFileToString(p_tlsConfig->getPrivateKeyLocation());
std::string rootCertPath = readFileToString(p_tlsConfig->getTrustedAuthorityLocation());
grpc_ssl_verify_peer_options verify_options;
verify_options.verify_peer_callback = &ProtoBaseChannel::skip_hostname_verification;
verify_options.verify_peer_callback_userdata = nullptr;
grpc_ssl_pem_key_cert_pair pem_key_cert_pair;
pem_key_cert_pair.private_key = keyPath.c_str(); pem_key_cert_pair.cert_chain = certPath.c_str();
// Use grpc_ssl_credentials_create_ex to create SSL credentials with custom verification options
grpc_channel_credentials* low_level_ssl_creds = grpc_ssl_credentials_create_ex(
rootCertPath.c_str(), &pem_key_cert_pair, &verify_options, nullptr
);
grpc_channel_credentials* low_level_ssl_creds = grpc_ssl_credentials_create_ex(
rootCertPath.c_str(), &pem_key_cert_pair, &verify_options, nullptr
);
// Wrap the raw `grpc_channel_credentials*` with a std::shared_ptr (C++ API expects this type) -> does not work !!
std::shared_ptr<grpc::ChannelCredentials> ssl_creds_cpp = std::shared_ptr<grpc::ChannelCredentials>(
reinterpret_cast<grpc::ChannelCredentials*>(low_level_ssl_creds)
);
std::shared_ptr<grpc::ChannelCredentials> ssl_creds_cpp = std::shared_ptr<grpc::ChannelCredentials>(
reinterpret_cast<grpc::ChannelCredentials*>(low_level_ssl_creds)
);
return grpc::CreateCustomChannel(p_proxyPortIp, ssl_creds_cpp, grpc::ChannelArguments());
Reply all
Reply to author
Forward
0 new messages