Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Loopback connection is considered insecure #711

Closed
htdvisser opened this issue May 20, 2019 · 1 comment
Closed

Loopback connection is considered insecure #711

htdvisser opened this issue May 20, 2019 · 1 comment
Assignees
@htdvisser
Labels
c/shared This is shared between components
Milestone
May 2019

Comments

@htdvisser
Copy link
Contributor

Summary

The loopback connection is not considered secure by gRPC, resulting in errors when sending credentials on it (transport: cannot send secure credentials on an insecure connection).

Steps to Reproduce

  1. Start the stack
  2. Connect an authenticated gateway to the GS

What do you see now?

Reported by Matthew Dean on Slack:

stack_1      |   WARN Finished unary call                      duration=48.909µs error=rpc error: code = Unauthenticated desc = transport: cannot send secure credentials on an insecure connection grpc_code=Unauthenticated grpc_method=Get grpc_service=ttn.lorawan.v3.GatewayRegistry namespace=grpc
stack_1      |   WARN Failed to setup connection               error=error:unknown:unknown (transport: cannot send secure credentials on an insecure connection) namespace=gatewayserver/io/mqtt remote_addr=X.X.X.X:35175

What do you want to see instead?

It shouldn't complain about this

Environment

v3.0.3

How do you propose to implement this?

  • either we make the loopback connection use transport security, or
  • we tell gRPC to consider the loopback connection secure

Can you do this yourself and submit a Pull Request?

Sure.

Until this is resolved the recommended workaround is using the grpc.allow-insecure-for-credentials flag.
@htdvisser htdvisser added the c/shared This is shared between components label May 20, 2019
@htdvisser htdvisser added this to the Next Up milestone May 20, 2019
@htdvisser htdvisser self-assigned this May 20, 2019
@htdvisser htdvisser modified the milestones: Next Up, May 2019 May 23, 2019
@htdvisser htdvisser mentioned this issue May 23, 2019
Merged
htdvisser added a commit that referenced this issue May 24, 2019
@htdvisser
Merge pull request #739 from TheThingsNetwork/issue/711-loopback-conn
fe36f1e 
Secure in-process loopback gRPC connection (#711)
@htdvisser htdvisser mentioned this issue May 24, 2019
Merged
htdvisser added a commit that referenced this issue May 24, 2019
@htdvisser
Merge pull request #755 from TheThingsNetwork/issue/711-cluster-loopback
48662cc 
Use loopback connection in cluster package (#711)
@htdvisser
Copy link
Contributor Author

With #739 and #755 merged this issue should now be resolved (in master, or the next patch release)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@htdvisser htdvisser

Labels
c/shared This is shared between components
Projects
None yet
Milestone
May 2019
Development

No branches or pull requests
1 participant
@htdvisser