Hi Vivek,
I had to perform several fixes, and I hope I didn't miss anything. I'm replying to the group in case other folks want to add something I might have overlooked.
1) First you will need to generate the private key and certificate as follows, which is documented in the Readme file - the roots.pem is already provided under /etc/roots.pem, but not needed for the server since you want custom credentials:
$ openssl genrsa -out server1.key.rsa 1024
$ openssl pkcs8 -topk8 -in server1.key.rsa -out server1.key -nocrypt
$ rm server1.key.rsa
$ openssl req -new -key server1.key -out server1.csr -config server1-openssl.cnf
When prompted for certificate information, everything is default except the common name which is set to *.test.google.com.
$ openssl ca -in server1.csr -out server1.pem
Make sure you add your domain and IP addresses to the server1.openssl.cnf file, which looks something like this:
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Illinois
localityName = Locality Name (eg, city)
localityName_default = Chicago
organizationName = Organization Name (eg, company)
organizationName_default = Example, Co.
commonName = Common Name (eg, YOUR name)
commonName_max = 64
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.test.google.fr
DNS.2 = waterzooi.test.google.be
DNS.3 = *.test.youtube.com
IP.1 = "192.168.1.3"
IP.2 = "0.0.0.0"
DNS.4 = localhost
You can copy the ones from here:
../../../../grpc/src/core/lib/tsi/test_creds/
but the IP and DNS would be different. It runs, but it'll naturally give you "No match found for server name" errors if using the key/cert pair from Github.
2) Then make sure you add to the helloworld.proto file the age field in the reply message, since you are using it in your client and server:
uint32 age = 2;
and it would then look like this:
// The response message containing the greetings
message HelloReply {
string message = 1;
uint32 age = 2;
}
3) Then fix the Makefile as follows for the flags including the _YOUR_PROTOBUF_ locations (I added ../../../include and ../../../libs/opt as a reference, to where you will have the include files and compiled grpc libs):
CPPFLAGS += -I/usr/local/include -pthread -I/_YOUR_PROTOBUF_/include -I../../../include
CXXFLAGS += -std=c++11
ifeq ($(SYSTEM),Darwin)
LDFLAGS += -L/usr/local/lib -L../../../libs/opt -L/_YOUR_PROTOBUF_/lib \
-lgrpc++_reflection \
-lprotobuf -lpthread -ldl
else
LDFLAGS += -L/usr/local/lib -L../../../libs/opt -L/_YOUR_PROTOBUF_/lib \
-Wl,--no-as-needed -lgrpc++_reflection -Wl,--as-needed \
-lprotobuf -lpthread -ldl
endif
Then use the attached files, and I had to change some of your include files since they were either not pointing to the correct directory or were not needed. My cluster does not allow me to create certificates (i.e. I don't have permissions to certain directories), so you will need to create them and run the code. I can run client and server, but don't have the proper certificates - since I cannot create them - but code should be okay.
Let us know how it goes.
Hope it helps,
Paul
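Added example, not part of Paul's message or the gRPC code base: a pre-flight check that the [alt_names] entries in the openssl cnf from step 1 cover the host name or IP the client will dial, which is the mismatch behind the "No match found for server name" error. The function names and the wildcard rule (whole left-most label only, one label deep) are assumptions of this example, not gRPC's own matcher; the sample config is constructed from the entries quoted above.

```python
import ipaddress

# Constructed sample: the [alt_names] section quoted in the message above.
SAMPLE_CNF = """\
[alt_names]
DNS.1 = *.test.google.fr
DNS.2 = waterzooi.test.google.be
DNS.3 = *.test.youtube.com
IP.1 = "192.168.1.3"
IP.2 = "0.0.0.0"
DNS.4 = localhost
"""

def parse_alt_names(cnf_text, section="alt_names"):
    """Return (dns_names, ip_addresses) from one section of an OpenSSL cnf."""
    dns, ips, current = [], [], None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            value = value.strip('"')  # the message quotes its IP values
            kind = key.split(".", 1)[0].upper()
            if kind == "DNS":
                dns.append(value.lower())
            elif kind == "IP":
                ips.append(ipaddress.ip_address(value))
    return dns, ips

def dns_matches(pattern, host):
    """Wildcard counts only as the whole left-most label and spans one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covers(cnf_text, target):
    """True if target (hostname or IP literal) is covered by the SAN entries."""
    dns, ips = parse_alt_names(cnf_text)
    try:
        return ipaddress.ip_address(target) in ips
    except ValueError:
        return any(dns_matches(p, target) for p in dns)

if __name__ == "__main__":
    print({t: covers(SAMPLE_CNF, t) for t in ("foo.test.google.fr", "10.0.0.5")})
```

Run covers() with your own cnf text and the exact name or IP the client connects to before signing the CSR; a False result means the certificate will not match that target.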
From: Vivek Srivastava [mailto:vive...@gmail.com]
Sent: Tuesday, August 2, 2016 5:55 AM
To: Paul Grosu
Subject: Re: [grpc-io] Re: Regarding the compilation of GRPC for libcrypto.a
Hi Paul
I have done the below steps:
1. Checked out the code of grpc from github and compiled for SSL server and client.
2. Main Makefile (which is present in root) for grpc compilation is attached as GRPC_MAIN_MAKE.
3. File for greeter_server.cc and greeter_client (after doing my changes for SSL server and client) is attached as GREETER_SERVER.CC and GREETER_CLIENT.CC.
4. Makefile used for compilation of greeter_server and greeter_client binaries is attached as GREETER_MAKE.
5. Compilation command used for compilation of grpc is => "make EMBED_ZLIB=true".
6. Compilation command used for compilation of greeter_server and greeter_client is "make" whose Makefile is present in directory: "grpc-release-0_15/examples/cpp/helloworld/"
7. OS is Linux
8. After compilation I copied the greeter_server and greeter_client binaries on server with shared libraries
   1. libgrpc++.so.0.15.0-dev
   2. libgrpc.so.0.15.0-dev
9. I ran the greeter_server and greeter_client binaries on different tabs and I see the below errors on console:
On server Error:
E0801 10:47:04.937620802 4121 ssl_transport_security.c:953] Handshake failed with fatal error SSL_ERROR_SSL: error:100000b8:SSL routines:OPENSSL_internal:NO_SHARED_CIPHER.
E0801 10:47:04.937688243 4121 handshake.c:128] Security handshake failed: {"created":"@1470048424.937656200","description":"Handshake failed","file":"src/core/lib/security/transport/handshake.c","file_line":264,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
E0801 10:47:04.937762814 4121 server_secure_chttp2.c:119] Secure transport failed with error 1
On Client side Error:
E0801 10:47:04.938230033 4122 handshake.c:128] Security handshake failed: {"created":"@1470048424.938180351","description":"Handshake read failed","file":"src/core/lib/security/transport/handshake.c","file_line":237,"referenced_errors":[{"created":"@1470048424.938118363","description":"EOF","file":"src/core/lib/iomgr/tcp_posix.c","file_line":233}]}
E0801 10:47:04.938476088 4122 secure_channel_create.c:98] Secure handshake failed with error 1.
I0801 10:47:04.938753317 4122 subchannel.c:642] Connect failed: null
I0801 10:47:04.938913527 4122 subchannel.c:647] Retry in 0.996400640 seconds
Greeter received: RPC failed