6

How do I set the TLS/SNI (https://en.wikipedia.org/wiki/Server_Name_Indication) in the Python/C++ gRPC client API?

In other words, what's the equivalent of setting the -servername in openssl s_client?

I have verified my TLS server works by using the correct flags on openssl s_client:

 openssl s_client -connect "myserver.tunnel.dev:4443" -servername "myserver.tunnel.dev" 

However, I wasn't able to set up the credentials correctly with the Python/C++ API:

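import grpc

uri = "myserver.tunnel.dev:4443"
hostname = "myserver.tunnel.dev"

# dev_cert holds the PEM-encoded root certificate bytes (loaded elsewhere)
creds = grpc.ssl_channel_credentials(
    root_certificates=dev_cert)
    # root_certificates=certificate_chain)
    # certificate_chain=certificate_chain)
# Override the target name that is checked against the server certificate
channel = grpc.secure_channel(uri, creds,
    options=(('grpc.ssl_target_name_override', hostname),)
)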

This throws:

grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with (StatusCode.UNAVAILABLE, Connect Failed)>

In the ChannelOptions struct, the closest option I could find is ssl_target_name_override, which doesn't work either.

1
  • As suggested in srini's answer, try running with GRPC_TRACE=all and GRPC_VERBOSITY=debug to get additional details on the connect failure, e.g., GRPC_TRACE=all GRPC_VERBOSITY=debug python client.py Commented Dec 3, 2018 at 18:27

1 Answer

5

Setting options=(('grpc.ssl_target_name_override', hostname),) should work. This is the right way to override the host name. In this case, it seems unnecessary as your uri host and override host are the same. You could turn on some tracing by using the environment variables listed here and see if the handshake is failing or if there is some other reason for the connection failure.
