-
Notifications
You must be signed in to change notification settings - Fork 644
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disabling SSL/TLS cert verification when server uses self-signed cert? #160
Comments
In general, we recommend using the CA file for the self-signed cert to test in development environments. I don't think that we currently have an API exposed to disable certificate checking. @jboeuf do you know if there is a gRPC-specific environment variable for that? By default, gRPC uses a recent certificate authority file from Mozilla. |
Cert validation is indeed always enforced.
…On Tue, Jan 23, 2018 at 11:36 AM, Michael Lumish ***@***.***> wrote:
In general, we recommend using the CA file for the self-signed cert to
test in development environments.
I don't think that we currently have an API exposed to disable certificate
checking. @jboeuf <https://github.com/jboeuf> do you know if there is a
gRPC-specific environment variable for that?
By default, gRPC uses a recent certificate authority file from Mozilla.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#160 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AF-P7UjZOuuQwYhvqufoKwUn6WO2-ipYks5tNjSwgaJpZM4RohWj>
.
|
Ok, thanks for clarifying. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
In a development environment, I'm working with a GRPC service hosted with HTTPS and self-signed cert. When I connect using syntax like:
const client = new proto.myservice.MyFunction('hostname.example.com', grpc.credentials.createSsl());
I get several of this error:
E0122 14:15:48.096307000 140735139356672 ssl_transport_security.cc:976] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
Normally, I get around this in Node
request
code by setting env varNODE_TLS_REJECT_UNAUTHORIZED=0
. But, this doesn't appear to have an effect ongrpc
.I'm able to work around this by providing the self-signed cert as argument to
createSsl()
, but is not the preferred method.Is there an appropriate way to disable SSL verification?
Also, is there an SSL trust store that
grpc
looks at or does it only use what is passed intocreateSsl()
?The text was updated successfully, but these errors were encountered: