SSL credential failed
laoyigrace opened this issue · comments
laoyigrace commented
code is:
Function used to read the CA, cert and key files:
`
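/*
 * Read the whole of `filename` into a newly allocated buffer and hand it to
 * the caller as a grpc_slice.
 *
 * filename             path of the file to read (opened in binary mode).
 * add_null_terminator  when non-zero, one extra 0 byte is appended and is
 *                      counted in the slice length, so the slice start can be
 *                      used as a C string.
 * output               receives the slice; on any failure it receives the
 *                      empty slice from grpc_empty_slice().
 *
 * Returns 0 on success and -1 on failure (the reason is logged).
 */
int grpc_load_file(const char *filename, int add_null_terminator,
                   grpc_slice *output) {
  unsigned char *contents = NULL;
  size_t contents_size = 0;
  grpc_slice result = grpc_empty_slice();
  FILE *file;
  size_t bytes_read = 0;
  long file_size;
  int ret = 0;

  file = fopen(filename, "rb");
  if (file == NULL) {
    log_error("fopen %s failed!, err: %s", filename, strerror(errno));
    ret = -1;
    goto end;
  }

  if (fseek(file, 0, SEEK_END) != 0) {
    log_error("fseek %s failed!, err: %s", filename, strerror(errno));
    ret = -1;
    goto end;
  }
  /* ftell() reports failure as -1; converting that straight to size_t would
   * turn it into a huge allocation and read size, so check it first. */
  file_size = ftell(file);
  if (file_size < 0) {
    log_error("ftell %s failed!, err: %s", filename, strerror(errno));
    ret = -1;
    goto end;
  }
  if (fseek(file, 0, SEEK_SET) != 0) {
    log_error("fseek %s failed!, err: %s", filename, strerror(errno));
    ret = -1;
    goto end;
  }
  contents_size = (size_t)file_size;

  contents = gpr_malloc(contents_size + (add_null_terminator ? 1 : 0));
  /* gpr_malloc's behaviour on exhaustion is not visible here; guard against a
   * NULL return rather than passing it to fread(). */
  if (contents == NULL) {
    log_error("gpr_malloc for %s failed!", filename);
    ret = -1;
    goto end;
  }

  bytes_read = fread(contents, 1, contents_size, file);
  if (bytes_read < contents_size) {
    /* A short read at end-of-file does not set errno, so the text logged
     * here may be stale. */
    log_error("fread %s failed!, err: %s", filename, strerror(errno));
    /* The buffer never reaches a slice on this path, so release it here.
     * NOTE(review): when the file is a private key the partial contents are
     * freed without being cleared. */
    gpr_free(contents);
    contents = NULL;
    ret = -1;
    goto end;
  }
  if (add_null_terminator) {
    contents[contents_size++] = 0;
  }
  /* The slice takes over the buffer and is given gpr_free as its release
   * function. */
  result = grpc_slice_new(contents, contents_size, gpr_free);

end:
  *output = result;
  if (file != NULL) fclose(file);
  return ret;
}`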
connect to grpc server:
`
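/*
 * Load the CA bundle, client certificate and client key. The second argument
 * (1) asks grpc_load_file for a trailing 0 byte so each slice start can be
 * used as a C string below.
 * NOTE(review): slices loaded by an earlier call are not released on the
 * early returns - confirm who owns ca_slice/cert_slice/key_slice.
 */
ret = grpc_load_file("/etc/cnq-agent/certs/grpc-ca.crt", 1, &ca_slice);
if (ret < 0) {
  log_error("grpc_load_file ca failed!");
  return;
}
ret = grpc_load_file("/etc/cnq-agent/certs/grpc-client.crt", 1, &cert_slice);
if (ret < 0) {
  log_error("grpc_load_file cert failed!");
  return;
}
ret = grpc_load_file("/etc/cnq-agent/certs/grpc-client.key", 1, &key_slice);
if (ret < 0) {
  /* This branch reports the key load, not the certificate load. */
  log_error("grpc_load_file key failed!");
  return;
}

const char *ca_cert = (const char *)GRPC_SLICE_START_PTR(ca_slice);
/* Only the CA certificate is logged; keep the private key out of log output. */
log_debug("ca cert = %s", ca_cert);

pem_key_cert_pair.private_key = (const char *)GRPC_SLICE_START_PTR(key_slice);
pem_key_cert_pair.cert_chain = (const char *)GRPC_SLICE_START_PTR(cert_slice);

/*
 * NOTE(review): pem_key_cert_pair is filled in above, but NULL is passed as
 * the second argument, so the client certificate and key are not part of
 * these credentials. If the server requires client authentication, the pair
 * presumably has to be passed here - confirm intent.
 */
grpc_channel_credentials *ssl_creds =
    grpc_ssl_credentials_create(ca_cert, NULL, NULL);
if (ssl_creds == NULL) {
  log_error("grpc_ssl_credentials_create failed!");
  return;
}

/*
 * Create the client object (named "client streaming client") for CNQ:9445
 * using the SSL credentials built above.
 * NOTE(review): the reported "certificate verify failed" concerns the server
 * certificate; check that grpc-ca.crt is the CA that issued it and that the
 * certificate is valid for the host name used in the target - confirm on the
 * server side.
 */
s_client = grpc_c_client_init_by_host("CNQ:9445", "client streaming client",
                                      ssl_creds, NULL);
if (s_client == NULL) {
  log_error("grpc_c_client_init_by_host failed!");
  return;
}`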
err info:
ssl_transport_security.c:937 Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
can you help me? why?