Reputation: 99
grpc/c++ Handshaker factory creation failed with TSI_INVALID_ARGUMENT
I am creating a static library out of my grpc c++ client and I am able to successfully call the API in the grpc static library using a test application.
But when I integrate the static library with a different service and call the API in the grpc static lib from that service, it fails with the error below
Handshaker factory creation failed with TSI_INVALID_ARGUMENT.
Failed to create secure subchannel for secure name 'xx.xx.xx.xx:xx'
Failed to create channel args during subchannel creation.
On the same VM where I see the above error when I copy and run the test application that calls the grpc client, it works fine.
Here is the client code, based on(https://www.programmersought.com/article/7290364277/):
int main(int argc, char** argv) {
grpc::SslCredentialsOptions ssl_options;
ssl_options.pem_root_certs = SERVER_CRT;
// Create a default SSL ChannelCredentials object.
auto channel_creds = grpc::SslCredentials(ssl_options);
grpc::ChannelArguments cargs;
cargs.SetSslTargetNameOverride("xxx.xxx.com"); // If you add DNS, you don't need this.
// Create a channel using the credentials created in the previous step.
auto channel = grpc::CreateCustomChannel("1.2.3.4:8000", channel_creds , cargs);
// Instantiate the client.
MailClient tester(channel);
}
ssl_options.pem_root_certs = SERVER_CRT;
// The contents of server.crt
const char SERVER_CRT[] = R"(
-----BEGIN CERTIFICATE-----
TjERMA8GA1UECAwIU2hhbmdoYWkxEjAQBgNVBAcMCVNvbmdqaWFuZzEPMA0GA1UE
...
E6v50RCQgtWGmna+oy1I2UTVABdjBFnyKPEuz106mBfOhT6cg80hBHVgrV7sLHq8
76QolJm8yzZPL1qpiO4dKHHsCP6R
-----END CERTIFICATE-----
)";
Probably some issue with the way I have provided the cert?
why does the rpc call in the grpc client work from the test application but not from a different service on the same VM? Any suggestions appreciated.
Upvotes: 3
Views: 3018
Answers (1)
Reputation: 99
The application that I was trying to integrate was using libssl 1.0.2 which doesn't support TLS1.3 but grpc 1.35 by default uses TLS1.3 and openssl 1.1.1. So built gRPC with gRPC_SSL_PROVIDER=package and it picked up libssl 1.0.2 and that fixed the issue. Hope this helps anyone.
Upvotes: 4
Related Questions
- SSL handshake error (CERTIFICATE_VERIFY_FAILED) in grpc++
- GRPC Server throws exception when using SSLServerCredentials in C#
- SSL gRPC client works fine in C#, but fails with UNAVAILABLE "Empty update" in C++
- gRPC client not returning certificate
- gRPC in CPP providing TLS support
- Grpc .Net client fails to connect to server with SSL
- gRPC client failing to connect to server with TLS certificates
- gRPC C++, client: "14: Connect Failed"
- Error in grpc with TLS support
- gRPC + SSL = UnsatisfiedLinkError