GrpcSslContext bug for mutual authentication #870
Comments
It does seem it is a current limitation, either due to Netty or gRPC. What is missing is a call to
Will the implementation of the missing call to SSLEngine.wantClientAuth(true) be in the pipeline?
I'm not quite sure yet where we will put it. I would probably favor adding the configuration to Netty's SslContextBuilder, but it will take some investigation. If you want to hack up a change for your local usage, you can add the line to NettyServerTransport or ProtocolNegotiators.
Support from Netty for requesting client certificates was added in netty/netty#4237
Closing since it seems necessary features are now available in netty.
A word of warning: It appears that in some environments the GRPC server accepts untrusted client certificates.
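The server-side setup the comments above converge on, as an added example that is not code from this thread or from the grpc-java project: it asks Netty's SslContextBuilder to require a client certificate and adds a per-call check that the TLS session really carries one. It assumes grpc-java and Netty versions that include the SslContextBuilder client-auth setting; the file names, the port and the class names MutualTlsServer and RequireClientCert are placeholders chosen for illustration.

```java
// Added example (not grpc-java project code). File names and port are placeholders.
import io.grpc.Grpc;
import io.grpc.Metadata;
import io.grpc.Server;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyServerBuilder;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import java.io.File;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public final class MutualTlsServer {
  /** Closes any call whose TLS session has no verified client certificate chain. */
  static final class RequireClientCert implements ServerInterceptor {
    @Override
    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
        ServerCall<ReqT, RespT> call, Metadata headers, ServerCallHandler<ReqT, RespT> next) {
      SSLSession session = call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION);
      try {
        if (session == null || session.getPeerCertificates().length == 0) {
          throw new SSLPeerUnverifiedException("no client certificate");
        }
      } catch (SSLPeerUnverifiedException e) {
        call.close(Status.UNAUTHENTICATED.withDescription("client certificate required"), new Metadata());
        return new ServerCall.Listener<ReqT>() {};
      }
      return next.startCall(call, headers);
    }
  }

  public static void main(String[] args) throws Exception {
    SslContext ssl = GrpcSslContexts.forServer(new File("server.crt"), new File("server.pem"))
        .trustManager(new File("client-ca.crt")) // CA(s) allowed to issue client certificates
        .clientAuth(ClientAuth.REQUIRE)          // send CertificateRequest; fail the handshake without a cert
        .build();
    Server server = NettyServerBuilder.forPort(8443)
        .sslContext(ssl)
        .intercept(new RequireClientCert())
        // .addService(...) register service implementations here
        .build()
        .start();
    server.awaitTermination();
  }
}
```

With ClientAuth.REQUIRE the handshake itself should already fail for a client without a certificate; the interceptor keeps that requirement visible per call if the TLS setting is later loosened to optional.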
Hi,
My 1-way SSL authentication is working with the code below, however, it doesn't seem to work for 2-way. I understand that by declaring the appropriate SslContext, we should be able to enable mutual authentication. I have already invoked the appropriate keyManager/trustManager, any idea why the mutual authentication did not take place?
I followed the steps to set up jetty ALPN at https://github.com/grpc/grpc-java/blob/master/SECURITY.md.
@ Server:
@ Client:
Upon inspection of the SSL debug logs, I noticed that the CertificateRequest message (as stated in https://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake), was never sent to the client to initiate the Client Authentication.
An excerpt of my server log is as follows:
Am I missing something? Or is it an inherent bug in gRPC?
Appreciate any advice on this problem.