Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disabling SSL/TLS cert verification when server uses self-signed cert? #160

Closed
spoulson opened this issue Jan 22, 2018 · 3 comments
Closed

Disabling SSL/TLS cert verification when server uses self-signed cert? #160

spoulson opened this issue Jan 22, 2018 · 3 comments

Comments

@spoulson
Copy link

In a development environment, I'm working with a GRPC service hosted with HTTPS and self-signed cert. When I connect using syntax like:

const client = new proto.myservice.MyFunction('hostname.example.com', grpc.credentials.createSsl());

I get several of this error:

E0122 14:15:48.096307000 140735139356672 ssl_transport_security.cc:976] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.

Normally, I get around this in Node request code by setting env var NODE_TLS_REJECT_UNAUTHORIZED=0. But, this doesn't appear to have an effect on grpc.

I'm able to work around this by providing the self-signed cert as argument to createSsl(), but is not the preferred method.

Is there an appropriate way to disable SSL verification?

Also, is there an SSL trust store that grpc looks at or does it only use what is passed into createSsl()?
@murgatroid99
Copy link
Member

In general, we recommend using the CA file for the self-signed cert to test in development environments.

I don't think that we currently have an API exposed to disable certificate checking. @jboeuf do you know if there is a gRPC-specific environment variable for that?

By default, gRPC uses a recent certificate authority file from Mozilla.

@jboeuf
Copy link

jboeuf commented Jan 23, 2018 via email

@spoulson
Copy link
Author

Ok, thanks for clarifying.

@GingerMoon GingerMoon mentioned this issue Apr 12, 2018
Closed
@lock lock bot locked as resolved and limited conversation to collaborators Sep 29, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@spoulson @murgatroid99 @jboeuf