Juniper / grpc-c

C implementation of gRPC layered on top of core library


SSL credential failed

laoyigrace opened this issue · comments

code is:

Function that reads the CA, certificate and key files:
`

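/**
 * Read a whole file into a newly allocated gRPC slice.
 *
 * The callers on this page use it to load PEM material (CA bundle, client
 * certificate, client private key).
 *
 * @param filename            Path of the file to read; opened in binary mode.
 * @param add_null_terminator Non-zero appends a trailing '\0' (counted in the
 *                            slice length) so the bytes can be read as a C
 *                            string.
 * @param output              Receives the slice. It is always written: on
 *                            failure it is set to the empty slice.
 * @return 0 on success, -1 if the file cannot be opened, measured or read.
 *
 * On success the slice owns the buffer and releases it with gpr_free.
 */
int grpc_load_file(const char *filename, int add_null_terminator,
                   grpc_slice *output) {
    unsigned char *contents = NULL;
    size_t contents_size = 0;
    grpc_slice result = grpc_empty_slice();
    FILE *file;
    size_t bytes_read = 0;
    long file_size;
    int ret = -1;

    file = fopen(filename, "rb");
    if (file == NULL) {
        log_error("fopen %s failed!, err: %s", filename, strerror(errno));
        goto end;
    }
    if (fseek(file, 0, SEEK_END) != 0) {
        log_error("fseek %s failed!, err: %s", filename, strerror(errno));
        goto end;
    }
    /*
     * ftell() returns -1 on failure (for example on a non-seekable file).
     * Converting that straight to size_t gives SIZE_MAX, the "+ 1" below
     * then wraps the allocation size to 0, and fread() would write far past
     * the buffer. Reject the error before converting.
     */
    file_size = ftell(file);
    if (file_size < 0) {
        log_error("ftell %s failed!, err: %s", filename, strerror(errno));
        goto end;
    }
    if (fseek(file, 0, SEEK_SET) != 0) {
        log_error("fseek %s failed!, err: %s", filename, strerror(errno));
        goto end;
    }
    contents_size = (size_t)file_size;
    contents = gpr_malloc(contents_size + (add_null_terminator ? 1 : 0));
    bytes_read = fread(contents, 1, contents_size, file);
    if (bytes_read < contents_size) {
        /* errno is only meaningful here if the short read was an I/O error
         * rather than the file shrinking between ftell() and fread(). */
        log_error("fread %s failed!, err: %s", filename, strerror(errno));
        /* No slice has taken ownership yet, so free the buffer here.
         * NOTE(review): it may hold part of a private key and is released
         * without being wiped. */
        gpr_free(contents);
        goto end;
    }
    if (add_null_terminator) {
        contents[contents_size++] = 0;
    }
    /* Ownership of contents moves to the slice, which frees it via gpr_free. */
    result = grpc_slice_new(contents, contents_size, gpr_free);
    ret = 0;
end:
    *output = result;
    if (file != NULL) fclose(file);
    return ret;

}`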

connect to grpc server:
`

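/*
 * Load the PEM material. grpc_load_file() always writes its output slice (the
 * empty slice on failure), so the slices loaded earlier are released on each
 * failure path below.
 */
ret = grpc_load_file("/etc/cnq-agent/certs/grpc-ca.crt", 1, &ca_slice);
if (ret < 0)
{
    log_error("grpc_load_file ca failed!");
    return;
}
ret = grpc_load_file("/etc/cnq-agent/certs/grpc-client.crt", 1, &cert_slice);
if (ret < 0)
{
    log_error("grpc_load_file cert failed!");
    grpc_slice_unref(ca_slice);
    return;
}
ret = grpc_load_file("/etc/cnq-agent/certs/grpc-client.key", 1, &key_slice);
if (ret < 0)
{
    /* This branch used to log "cert failed", which hid which file was at fault. */
    log_error("grpc_load_file key failed!");
    grpc_slice_unref(cert_slice);
    grpc_slice_unref(ca_slice);
    return;
}
/* Every file was loaded with add_null_terminator = 1, so the slice bytes can
 * be handed to the credentials API as C strings. */
const char *ca_cert = (const char *)GRPC_SLICE_START_PTR(ca_slice);
/* The CA certificate is public; the private key must never be logged this way. */
log_debug("ca cert = %s", ca_cert);
pem_key_cert_pair.private_key = (const char *)GRPC_SLICE_START_PTR(key_slice);
pem_key_cert_pair.cert_chain = (const char *)GRPC_SLICE_START_PTR(cert_slice);
/*
 * Pass the client key/cert pair. With NULL as the second argument the pair
 * filled in above is never used and the client presents no certificate.
 * Assumes pem_key_cert_pair is a grpc_ssl_pem_key_cert_pair; confirm against
 * its declaration.
 */
grpc_channel_credentials *ssl_creds = grpc_ssl_credentials_create(
    ca_cert, &pem_key_cert_pair, NULL);
if (ssl_creds == NULL)
{
    log_error("grpc_ssl_credentials_create failed!");
    grpc_slice_unref(key_slice);
    grpc_slice_unref(cert_slice);
    grpc_slice_unref(ca_slice);
    return;
}
/*
 * Create the client-streaming client over the TLS credentials built above.
 *
 * NOTE(review): the reported "certificate verify failed" is raised while the
 * client validates the server's certificate, so the first thing to check is
 * that grpc-ca.crt contains the CA that issued the certificate served on
 * CNQ:9445 and that this certificate is currently valid.
 *
 * NOTE(review): the three slices must stay alive for as long as the pointers
 * taken from them are in use. Release them with grpc_slice_unref() once they
 * are no longer needed, after confirming whether
 * grpc_ssl_credentials_create() copies the strings.
 */
s_client = grpc_c_client_init_by_host("CNQ:9445", "client streaming client", ssl_creds,
    NULL);
if (s_client == NULL)
{
    log_error("grpc_c_client_init_by_host failed!");
    return;
}`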

err info:
ssl_transport_security.c:937 Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.

Can you help me? Why does the handshake fail?