Why I can't use default root certificates when I create a channel with client certificates and key? #362
Description
Question Checklist
- Updated grpc-swift to the latest version
- I read the Contribution Guidelines
- I read README
- I searched for existing GitHub issues (especially, there are many resolved issues related to SSL)
Question Subject
The question consists of two parts.
- In ObjC GRPC I can set client certificates and private key and still use default "roots.pem" certificates as root certificates. In SwiftGRPC default root certificates are used only when I create channel using
address:secure:arguments:initializer. Is this intentional and if it is, what reason for? - In other GRPC-libraries, I still have access to default certificates, usually through "roots.pem" file.
In SwiftGRPC there is only a function that returns regular "roots.pem" content. This function is internal so I have no access to default root certificates and could not use them to pass them into anaddress:certificates:clientCertificates:clientKey:args:initializer. Is this intentional and if it is, what reason for?
Question Description
As for now the only decision that allows me to create a channel with default root certificates is to download "roots.pem" and put it into my app, while I know that SwiftGRPC framework already contains it.
To be honest, I'm not very familiar with GRPC properly usage, and my expectations are mostly based on other GRPC frameworks knowledge. The question may be dumb and I apologize in advance.
Update: I've discovered that grpc-swift project also have "roots.pem" file which does not included as a resource into a pod.
It looks weird for me that "roos.pem" used by a grpc undercover, grpc-swift uses roots_pem() method in swift, and a pod user has no access to any of this file and no ability to the use default root certificates with his own client certificates and key.
In my opinion either "roots.pem" should be added to pod resources in a podspec, or roots_pem() must be a public, or Channel initializer should have a parameter to use default root certificates. The third way allows to keep private roots_pem() method and does not include "roots.pem" as a resourse of SwiftGRPC pod.