TLS client authentication support #14
Comments
@andrm yes having a simple test case would be great.
Please see https://github.com/andrm/grpcclientcertcase
Any hints? Is the testcase ok?
that's something we haven't yet had time to investigate (we've been very busy closing 3.5.0)
could you port your test case to the vertx-grpc codebase to help us ?
I will try to. (Thanks for your effort with 3.5.0)
Please see my pull request for the testcase:
the corresponding issue in gRPC has been solved : grpc/grpc-java#3682 (so we need a release) this is necessary to fix this current issue
This is good news! Does grpc plan any release soon?
"this will be in the 1.8 release scheduled for November 21st."
that being said, we are also waiting for other fixes from netty that is not yet released, so I don't know yet how we will handle all these fixes...
grpc-java 1.8 was released, now waiting for netty.
thing is that the netty version we are waiting for, is not yet used by gRPC, so it means we need to wait for another gRPC release somehow
or we force the Netty dependency if that's acceptable
that being said, the fix could be tried in a branch of this repo with a force upgrade of Netty
I'm fine with forcing the netty dependency.
So the current plan is wait for grpc 1.9.0?
Netty 4.1.18.Final has been released today, we need to check when gRPC will use this version or try to override it
@ejona86 any plan of the next grpc release that would include Netty-4.1.18.Final ?
I don't see a change for grpc-java in 1.10.0 for a new netty version. Anything I can do?
we need to integrate grpc 1.9.0 and force dependency on Netty 4.1.19.Final, both are compatible (even if grpc 1.9.0 depends on 1.17.Final)
@andrm I've just bumped both the gRPC compiler and gRPC lib to 1.9.0 can you give it a try and see if it's fixed?
My testcase works with 3.5.1-SNAPSHOT and alpn-boot-8.1.11.v20170118.jar
thanks for reporting
Version 3.4.2. Tried openssl(tc-nativ-boring-static) and jdk(1.8_144). SSL works, ClientCert required does not seem to be advertised.
```java
VertxServer server = VertxServerBuilder.forPort(vertx, 8080)
    //.useTransportSecurity(new File("certs/TestServer.chain"),
    //                      new File("certs/TestServerKey.pem"))
    .useSSL(tcpsslOptions -> {
      // Trust store holding the CA that client certificates must chain to
      JksOptions trustOptions = new JksOptions()
          .setPath("certs/truststore.jks")
          .setPassword("testpw");
      //PemTrustOptions trustOptions = new PemTrustOptions()
      //    .addCertPath("certs/TestCA.crt");
      //PfxOptions trustOptions = new PfxOptions()
      //    .setPath("certs/testclient.p12")
      //    .setPassword("testpw");
      HttpServerOptions options = (HttpServerOptions) tcpsslOptions;
      options.setSsl(true)
          .setUseAlpn(true)
          .setClientAuth(ClientAuth.REQUIRED)
          .setClientAuthRequired(true)
          .setSni(true)
          .setTrustStoreOptions(trustOptions)
          .setTrustOptions(trustOptions)
          .setKeyStoreOptions(new JksOptions()
              .setPath("certs/server-keystore.jks")
              .setPassword("testpw"));
          //.setOpenSslEngineOptions(new OpenSSLEngineOptions().setSessionCacheEnabled(false))
    }).addService(sd).build();
```
openssl and jdk both complain that the "peer is not verified" or "peer is not authenticated".
I think netty and grpc stuff would work, it is probably a vertx issue. Can you please check?
If you need a complete testcase let me know.
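
One way to check from the outside whether a server like the one in the report actually advertises and enforces client authentication, as an added example that is not part of the original report or of vertx-grpc. The class name `ClientAuthProbe` is hypothetical; it assumes the server listens on `localhost:8080` and that `certs/truststore.jks` (password `testpw`) also contains the CA that issued the server certificate.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicBoolean;

public class ClientAuthProbe {
  public static void main(String[] args) throws Exception {
    // Assumption: this trust store lets the client validate the server certificate.
    KeyStore trust = KeyStore.getInstance("JKS");
    try (FileInputStream in = new FileInputStream("certs/truststore.jks")) {
      trust.load(in, "testpw".toCharArray());
    }
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trust);

    // JSSE asks the key manager for a client alias only after the server sent CertificateRequest.
    AtomicBoolean requested = new AtomicBoolean(false);
    X509KeyManager recorder = new X509KeyManager() {
      public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        requested.set(true);
        return null; // deliberately offer no client certificate
      }
      public String[] getClientAliases(String keyType, Principal[] issuers) { return null; }
      public String[] getServerAliases(String keyType, Principal[] issuers) { return null; }
      public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return null; }
      public X509Certificate[] getCertificateChain(String alias) { return null; }
      public PrivateKey getPrivateKey(String alias) { return null; }
    };

    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(new KeyManager[] {recorder}, tmf.getTrustManagers(), null);
    try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", 8080)) {
      socket.setEnabledProtocols(new String[] {"TLSv1.2"}); // in TLS 1.2 a rejection surfaces in the handshake
      socket.setSoTimeout(3000);
      boolean completed = true;
      try { socket.startHandshake(); } catch (IOException e) { completed = false; }
      // Enforced client auth: true / false. The behaviour described in the report: false / true.
      System.out.println("CertificateRequest seen: " + requested.get());
      System.out.println("Handshake completed without client certificate: " + completed);
    }
  }
}
```

Running it against a build with the fix should print `true` then `false`; a handshake that completes without a client certificate means `ClientAuth.REQUIRED` is not being applied to the listener.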