gRPC 1.17 sends requests in plaintext form

[pavel.o...@gmail.com]

Hello!

I just finished migration from gRPC 0.11 to 1.17 and I noticed very weird behaviour. gRPC sends requests in plaintext form instead of using TLS connection on remote side. Old gRPC works as expected and sends requests over encrypted channel. 

I properly linked my tool with all required libraries and OpenSSL:

ldd app|grep grpc

libgpr.so.7 => /opt/libraries/grpc/lib/libgpr.so.7 (0x0000007f7f829000)

libgrpc++.so.1 => /opt/libraries/grpc/lib/libgrpc++.so.1 (0x0000007f7f798000)

libgrpc_unsecure.so.7 => /opt/libraries/grpc/lib/libgrpc_unsecure.so.7 (0x0000007f7f681000)

libgrpc.so.7 => /opt/libraris/grpc/lib/libgrpc.so.7 (0x0000007f7f52d000)

libgrpc++_unsecure.so.1 => /opt/libraries/grpc/lib/libgrpc++_unsecure.so.1 (0x0000007f7ce74000)

I use both encrypted and plaintext version of gRPC for different services. 

And I use following code to make query:

grpc::SslCredentialsOptions ssl_opts = { ca_cert, "", "" };

auto channel_creds                   = grpc::SslCredentials(ssl_opts);

Client server_api(grpc::CreateChannel("server.domain.tld:12912", channel_creds));

server_api.GetExternalAddress();

In Client definition: 

```

class Client {

    public:

    ApiClient(std::shared_ptr<grpc::Channel> channel)

    : stub_(mynamespace::MyService::NewStub(channel)) {

    }

```

For some absolutely strange reasons this query arrives to server in plaintext form and I can see all headers in Wireshark HTTP/2 dissector.

Of course, server (with older gRPC version) rejects this query with SSL handsheke error:

2018-12-22 20:40:45,928 [WARN] gRPC low level log: Handshake failed with fatal error SSL_ERROR_SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number.

2018-12-22 20:40:45,928 [WARN] gRPC low level log: Handshake failed with error TSI_PROTOCOL_FAILURE

2018-12-22 20:40:45,928 [WARN] gRPC low level log: Secure transport failed with error 2

I checked and my grpc library was properly linked agains OpenSSL:

ldd  /opt/libraries/lib/libgrpc.so.7.0.0 

linux-vdso.so.1 (0x0000007f80e1c000)

libssl.so.1.1 => /usr/lib/aarch64-linux-gnu/libssl.so.1.1 (0x0000007f80c21000)

libcrypto.so.1.1 => /usr/lib/aarch64-linux-gnu/libcrypto.so.1.1 (0x0000007f80a23000)

libdl.so.2 => /lib/aarch64-linux-gnu/libdl.so.2 (0x0000007f80a0e000)

librt.so.1 => /lib/aarch64-linux-gnu/librt.so.1 (0x0000007f809f7000)

libm.so.6 => /lib/aarch64-linux-gnu/libm.so.6 (0x0000007f8093d000)

libpthread.so.0 => /lib/aarch64-linux-gnu/libpthread.so.0 (0x0000007f80911000)

libz.so.1 => /lib/aarch64-linux-gnu/libz.so.1 (0x0000007f808e4000)

libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000007f8078b000)

/lib/ld-linux-aarch64.so.1 (0x0000007f80df1000)

Is anything changed for TLS/SSL client? Should I rewrite code in different way to explicitly enable TLS?

My platform it Ubuntu 18.04 / ARM64.

Thank you!

[pavel.o...@gmail.com]

Hello!

I solved my problem by linking my app only with grpc++ and dropping grpc++_unsecure completely.