我正在尝试使用gRPC与TLS证书建立加密连接。有了不安全的连接,一切都很好,我也试着用客户端写的去,它也工作。但使用Python时,我会遇到以下错误:
grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses"
debug_error_string = "{"created":"@1565190346.229323178","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3528,"referenced_errors":
[{"created":"@1565190346.229314131","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":399,"grpc_status":14}]}"
这是我客户的代码:
^{pr2}$有什么建议吗?在
更新
下面是带有GRPC_TRACE
和GRPC_VERBOSITY
环境变量的输出。在
os.environ['GRPC_TRACE'] = 'transport_security,tsi'
os.environ['GRPC_VERBOSITY'] = 'DEBUG'
I0808 11:24:21.077552208 28357 ev_epoll1_linux.cc:116] grpc epoll fd: 3
D0808 11:24:21.077580061 28357 ev_posix.cc:174] Using polling engine: epoll1
D0808 11:24:21.077622131 28357 dns_resolver_ares.cc:483] Using ares dns resolver
E0808 11:24:21.077633004 28357 trace.cc:65] Unknown trace var: 'transport_security'
I0808 11:24:21.402168083 28357 ssl_transport_security.cc:217] HANDSHAKE START - TLS client start_connect - !!!!!!
I0808 11:24:21.402353776 28357 ssl_transport_security.cc:217] LOOP - TLS client enter_early_data - !!!!!!
I0808 11:24:21.402387194 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_hello - !!!!!!
I0808 11:24:21.606877030 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_certifi - !!!!!!
I0808 11:24:21.607580283 28357 ssl_transport_security.cc:217] LOOP - TLS client read_certificate_st - !!!!!!
I0808 11:24:21.607612862 28357 ssl_transport_security.cc:217] LOOP - TLS client verify_server_certi - !!!!!!
I0808 11:24:21.613300944 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_key_exc - !!!!!!
I0808 11:24:21.614718867 28357 ssl_transport_security.cc:217] LOOP - TLS client read_certificate_re - !!!!!!
I0808 11:24:21.614762602 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_hello_d - !!!!!!
I0808 11:24:21.614782664 28357 ssl_transport_security.cc:217] LOOP - TLS client send_client_certifi - !!!!!!
I0808 11:24:21.614798210 28357 ssl_transport_security.cc:217] LOOP - TLS client send_client_key_exc - !!!!!!
I0808 11:24:21.616791101 28357 ssl_transport_security.cc:217] LOOP - TLS client send_client_certifi - !!!!!!
I0808 11:24:21.616817014 28357 ssl_transport_security.cc:217] LOOP - TLS client send_client_finishe - !!!!!!
I0808 11:24:21.616891441 28357 ssl_transport_security.cc:217] LOOP - TLS client finish_flight - !!!!!!
I0808 11:24:21.616916680 28357 ssl_transport_security.cc:217] LOOP - TLS client read_session_ticket - !!!!!!
I0808 11:24:21.811575115 28357 ssl_transport_security.cc:217] LOOP - TLS client process_change_ciph - !!!!!!
I0808 11:24:21.811645429 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_finishe - !!!!!!
I0808 11:24:21.811706483 28357 ssl_transport_security.cc:217] LOOP - TLS client finish_client_hands - !!!!!!
I0808 11:24:21.811745454 28357 ssl_transport_security.cc:217] LOOP - TLS client done - !!!!!!
I0808 11:24:21.811763000 28357 ssl_transport_security.cc:217] HANDSHAKE DONE - TLS client done - !!!!!!
D0808 11:24:21.811984315 28357 security_handshaker.cc:176] Security handshake failed: {"created":"@1565252661.811954686","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/security_connector/ssl_utils.cc","file_line":129}
I0808 11:24:21.812313765 28357 subchannel.cc:1031] Connect failed: {"created":"@1565252661.811954686","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/security_connector/ssl_utils.cc","file_line":129}
最新版本的PIP grpcio包(1.23.0)是用旧版本的OpenSSL编译的,该版本不能正确地支持ALPN,GRPC需要ALPN作为规范的一部分。在
如果你pip安装grpcio~=1.19.0,它就可以工作了,由于一个不同的错误,这个版本的grpcio根本不需要ALPN。在
ALPN只是一种性能改进,因此禁用它不会带来安全风险。在
相关问题 更多 >
编程相关推荐