GRPC SSL problem: No match found for server name

[maxwel...@gmail.com]

Hi,

I am a newbie with certificates. I have a simple Grpc Server and client and would like to use ssl. The way I did it is the following:

Generate keys with the following command

openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 365 -out server.crt

On the server:

std::shared_ptr<grpc::ServerCredentials> creds;
  std::string serverKey = readCert("/home/pi/updater/server.key");
  std::string serverCrt = readCert("/home/pi/updater/server.crt");
  grpc::SslServerCredentialsOptions ssl_opts;
  grpc::SslServerCredentialsOptions::PemKeyCertPair p = {serverKey,serverCrt};
  ssl_opts.pem_key_cert_pairs.push_back(p);
  ssl_opts.pem_root_certs="";
  auto channel_creds = grpc::SslServerCredentials(ssl_opts);
  ServerBuilder builder;
  // Listen on the given address without any authentication mechanism.
  builder.AddListeningPort(server_address, channel_creds);

On the client:

 std::string serverCrt = readCert("/home/pi/sslkeys/server.crt");
  grpc::SslCredentialsOptions ssl_opts;
  ssl_opts.pem_root_certs=serverCrt;
  auto ssl_creds = grpc::SslCredentials(ssl_opts);
  const std::string ipaddr = "10.10.12.21";
  UpdateServiceClient updater(grpc::CreateChannel(
                                ipaddr+":"+port, ssl_creds));

When I try to connect, I get the following error on the server:

E0225 13:48:31.569300942   18727 ssl_transport_security.cc:1566] No match found for server name: 10.10.12.21.

How can I solve this?

Thanks for your help,

[Daisy Zhu]

You can use NettyChannelBuilder overrideAuthority to match the server identity which is not recommended for security reasons

[maxwel...@gmail.com]

This needs to be done on the client, right?

Is NettyChannelBuilder part of the c++ interface also (which I need)?

[Daisy Zhu]

Yes. Done in client side.

NettyChannelBuilder is the java interface name. I guess C++ should have similar thing.

.