x509: certificate is valid for drand.example.com, not drand.example.com:443 #41
So when I put the
Since it's explicitly stated as a testing method, I figure we need to remove that call to Basically, that would require separating the method creating new connections into two, and have two ways of creating a GRPC client: regular one that will not even need
I'll try to see what I can come up with this week, but that's gonna take a little bit of time though, so I can't promise anything.
I think only I can think of a couple of simpler ways that don't require two separate calls. One is to separate the port number as its own parameter for each node, the other is to have an optional parameter that is the SNI. I'm working on a branch with a few fixes, I can implement this and let me know if it doesn't pass the tests.
I've come up with a way to disable the
Hopefully #44 should have solved the problem, let me know if you still have issues with it, otherwise feel free to close it.
It seems to be working, thanks!
In this line, the `serverNameOverride` parameter is set to be the `host:port` address, which is different from the server name: https://github.com/dedis/drand/blob/5aae894956265da27653de203863f4f045915226/net/client_grpc.go#L122

In particular, I got a pretty strange error when testing `drand run`:

```
dkg: failed to send deal to drand.example.com:443: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for *.example.com, drand.example.com, not drand.example.com:443"
```

I think this could also be a side effect (if not bug) of my load balancer setup, but I realized that the docs for `NewClientTLSFromFile` suggest that this parameter be used only for testing:

Is `p.Address()` needed there? If not, removing it will relieve some headache on my end.