This is a simple Python gRPC project with mutual server-client TLS authentication.
The goal is a gRPC server that would:
- accept connections only from trusted clients
- establish an encrypted communication channel
The official gRPC Python documentation has a simple example of how to establish TLS encryption between a client and a server. It doesn't talk about how to generate those files or how to establish mutual authentication. In this setup any client can theoretically connect to the server. The gRPC library complains if you don't include a server certificate, but the server doesn't do any kind of authentication by default.
Secure gRPC with TLS/SSL - a useful article, but it still doesn't clear up the confusion about TLS certs.
Using SSL with gRPC in Python - doesn't talk about mutual TLS authentication, but has interesting sections on metadata and compression.
TLS authentication in Python gRPC - a very useful explanation, and the repo itself is an awesome example of setting up a gRPC server and client. I wonder if it's possible to generate all those keys using only openssl though.
A useful openssl Stack Overflow post that talks about setting up a CA and signing certificates.
Another Stack Overflow post about managing certificates with openssl.
The scope of the example should include:
- A very simple gRPC function
- Server and client setup with mutual TLS authentication
- Management commands (probably using invoke) to create/manage all necessary TLS files and run the server
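
The TLS files those management commands need can be produced with openssl alone. The sketch below is an added example, not code from this project; the subject names (demo-ca, localhost, client-1), the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example: mutual-TLS material made with openssl only.
# Constructed names: demo-ca, localhost, client-1 and every file name below.

# sign_leaf DIR NAME CN EXT1 EXT2: new key + CSR, certificate signed by DIR/ca.
sign_leaf() {
    dir=$1; name=$2
    printf '%s\n' "$4" "$5" > "$dir/$name.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/$name.csr" -days 30 -sha256 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
}

# make_mtls_certs DIR: private CA plus one server and one client certificate.
make_mtls_certs() {
    mkdir -p "$1" || return 1
    # Self-signed CA: the only trust root either side is given.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    # The SAN must match the host name the client dials.
    sign_leaf "$1" server localhost \
        "subjectAltName=DNS:localhost" "extendedKeyUsage=serverAuth" || return 1
    sign_leaf "$1" client client-1 \
        "basicConstraints=CA:FALSE" "extendedKeyUsage=clientAuth"
}

# is_trusted CA_CERT LEAF_CERT PURPOSE: PURPOSE is sslclient or sslserver.
# Succeeds only if LEAF_CERT chains to CA_CERT and its EKU allows PURPOSE.
is_trusted() {
    openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1
}

# Mapping to grpcio (file contents are passed as bytes):
#   server: grpc.ssl_server_credentials([(server.key, server.crt)],
#             root_certificates=ca.crt, require_client_auth=True)
#   client: grpc.ssl_channel_credentials(root_certificates=ca.crt,
#             private_key=client.key, certificate_chain=client.crt)
```

After `make_mtls_certs ./certs`, a client certificate signed by any other CA fails `is_trusted ./certs/ca.crt <cert> sslclient`, which is the property the server enforces once `require_client_auth=True` is set.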