TLS client cannot connect with gRPC

Posted 2024-09-28 19:19:40


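I am trying to establish an encrypted connection using gRPC with a TLS certificate. With an insecure connection everything works fine, and I also tried a client written in Go, which works as well. But with Python I get the following error: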

grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
        status = StatusCode.UNAVAILABLE
        details = "failed to connect to all addresses"
        debug_error_string = "{"created":"@1565190346.229323178","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3528,"referenced_errors":
[{"created":"@1565190346.229314131","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":399,"grpc_status":14}]}"

Here is my client code:

^{pr2}$

Any suggestions?

Update

Here is the output with the GRPC_TRACE and GRPC_VERBOSITY environment variables set.

os.environ['GRPC_TRACE'] = 'transport_security,tsi'
os.environ['GRPC_VERBOSITY'] = 'DEBUG'
I0808 11:24:21.077552208   28357 ev_epoll1_linux.cc:116]     grpc epoll fd: 3                                                                                                                                        
D0808 11:24:21.077580061   28357 ev_posix.cc:174]            Using polling engine: epoll1                                                                                                                            
D0808 11:24:21.077622131   28357 dns_resolver_ares.cc:483]   Using ares dns resolver                                                                                                                                 
E0808 11:24:21.077633004   28357 trace.cc:65]                Unknown trace var: 'transport_security'                                                                                                                 
I0808 11:24:21.402168083   28357 ssl_transport_security.cc:217]      HANDSHAKE START -       TLS client start_connect  - !!!!!!                                                                                      
I0808 11:24:21.402353776   28357 ssl_transport_security.cc:217]                 LOOP -    TLS client enter_early_data  - !!!!!!                                                                                      
I0808 11:24:21.402387194   28357 ssl_transport_security.cc:217]                 LOOP -   TLS client read_server_hello  - !!!!!!                                                                                      
I0808 11:24:21.606877030   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_server_certifi  - !!!!!!                                                                                      
I0808 11:24:21.607580283   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_certificate_st  - !!!!!!                                                                                      
I0808 11:24:21.607612862   28357 ssl_transport_security.cc:217]                 LOOP - TLS client verify_server_certi  - !!!!!!                                                                                      
I0808 11:24:21.613300944   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_server_key_exc  - !!!!!!                                                                                      
I0808 11:24:21.614718867   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_certificate_re  - !!!!!!                                                                                      
I0808 11:24:21.614762602   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_server_hello_d  - !!!!!!                                                                                      
I0808 11:24:21.614782664   28357 ssl_transport_security.cc:217]                 LOOP - TLS client send_client_certifi  - !!!!!!                                                                                      
I0808 11:24:21.614798210   28357 ssl_transport_security.cc:217]                 LOOP - TLS client send_client_key_exc  - !!!!!!
I0808 11:24:21.616791101   28357 ssl_transport_security.cc:217]                 LOOP - TLS client send_client_certifi  - !!!!!!
I0808 11:24:21.616817014   28357 ssl_transport_security.cc:217]                 LOOP - TLS client send_client_finishe  - !!!!!!
I0808 11:24:21.616891441   28357 ssl_transport_security.cc:217]                 LOOP -       TLS client finish_flight  - !!!!!!
I0808 11:24:21.616916680   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_session_ticket  - !!!!!!
I0808 11:24:21.811575115   28357 ssl_transport_security.cc:217]                 LOOP - TLS client process_change_ciph  - !!!!!!
I0808 11:24:21.811645429   28357 ssl_transport_security.cc:217]                 LOOP - TLS client read_server_finishe  - !!!!!!
I0808 11:24:21.811706483   28357 ssl_transport_security.cc:217]                 LOOP - TLS client finish_client_hands  - !!!!!!
I0808 11:24:21.811745454   28357 ssl_transport_security.cc:217]                 LOOP -                TLS client done  - !!!!!!
I0808 11:24:21.811763000   28357 ssl_transport_security.cc:217]       HANDSHAKE DONE -                TLS client done  - !!!!!!
D0808 11:24:21.811984315   28357 security_handshaker.cc:176] Security handshake failed: {"created":"@1565252661.811954686","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/security_connector/ssl_utils.cc","file_line":129}
I0808 11:24:21.812313765   28357 subchannel.cc:1031]         Connect failed: {"created":"@1565252661.811954686","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/security_connector/ssl_utils.cc","file_line":129}

1 answer

#1 · Posted 2024-09-28 19:19:40

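The latest version of the pip grpcio package (1.23.0) is compiled against an old version of OpenSSL that does not correctly support ALPN, which gRPC requires as part of its specification.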

If you pip install grpcio~=1.19.0, it will work; because of a different bug, that version of grpcio does not require ALPN at all.

ALPN is only a performance improvement, so disabling it does not introduce a security risk.
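An added example, not part of the original question or answer: a small triage of a gRPC debug trace in the format shown in the question, separating a failure inside the TLS handshake from the ALPN peer check that runs after it. The `triage` function and its stage labels are this example's own; the sample is three lines excerpted from the trace in the question.

```python
import json
import re

# Sample input: three lines excerpted from the trace in the question.
SAMPLE_TRACE = """\
I0808 11:24:21.402168083   28357 ssl_transport_security.cc:217]      HANDSHAKE START -       TLS client start_connect  - !!!!!!
I0808 11:24:21.811763000   28357 ssl_transport_security.cc:217]       HANDSHAKE DONE -                TLS client done  - !!!!!!
D0808 11:24:21.811984315   28357 security_handshaker.cc:176] Security handshake failed: {"created":"@1565252661.811954686","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/security_connector/ssl_utils.cc","file_line":129}
"""

# Severity letter + date, time, thread id, "file.cc:line]", then the message.
LINE_RE = re.compile(r"^[IDEW]\d{4} \S+\s+\d+ (\S+?):\d+\]\s+(.*)$")


def triage(trace: str) -> dict:
    """Classify a gRPC TLS failure as in-handshake or post-handshake."""
    result = {"tls_handshake_done": False, "failure": None, "stage": "no_failure"}
    for line in trace.splitlines():
        m = LINE_RE.match(line.rstrip())
        if not m:
            continue  # not a gRPC log line
        source, msg = m.groups()
        if source == "ssl_transport_security.cc" and "HANDSHAKE DONE" in msg:
            result["tls_handshake_done"] = True
        elif msg.startswith("Security handshake failed:"):
            payload = msg.split(":", 1)[1].strip()
            try:
                result["failure"] = json.loads(payload)["description"]
            except (ValueError, KeyError, TypeError):
                result["failure"] = payload  # keep the raw text if not JSON
            if "ALPN" in result["failure"]:
                # TLS itself may have completed; the peer check rejected the
                # connection because no application protocol was selected.
                result["stage"] = "alpn_peer_check"
            elif result["tls_handshake_done"]:
                result["stage"] = "post_handshake_peer_check"
            else:
                result["stage"] = "tls_handshake"
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```

On the sample, the result shows the TLS handshake completed and the connection was rejected afterwards by the ALPN check, which points at protocol negotiation rather than at the certificates.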
