Channel connect with TLS with IP address will fail with InvalidDNSNameError #279

Closed
Sherlock-Holo opened this issue Mar 2, 2020 · 3 comments

Comments

@Sherlock-Holo
Contributor

Bug Report

Version 0.1.1

└── tonic v0.1.1

Platform

Linux SherlockHolo 5.5.7-arch1-1 #1 SMP PREEMPT Sat, 29 Feb 2020 19:06:02 +0000 x86_64 GNU/Linux

Description

My dependencies are:

http = "0.2"
tonic = { version = "0.1", features = ["transport", "tls"] }
tokio = { version = "0.2", features = ["rt-core", "macros", "sync", "time", "rt-util", "fs"] }

I try:

use std::str::FromStr;
use std::time::Duration;

use http::Uri;
use tokio::fs;
use tonic::transport::{Certificate, Channel, ClientTlsConfig, Identity};

#[tokio::main]
async fn main() {
    let uri = Uri::from_str("https://127.0.0.1:9876").unwrap();

    let ca = fs::read("ca.pem").await.unwrap();

    let ca = Certificate::from_pem(ca);

    let key = fs::read("key.pem").await.unwrap();
    let cert = fs::read("cert.pem").await.unwrap();

    let identity = Identity::from_pem(cert, key);

    let tls_config = ClientTlsConfig::new()
        .ca_certificate(ca)
        .identity(identity);

    let channel = Channel::builder(uri)
        .tls_config(tls_config)
        .tcp_keepalive(Some(Duration::from_secs(5)))
        .connect()
        .await.unwrap();
}

and use nc -l 127.0.0.1 9876 to listen. It should connect successfully and nc will print something about the TLS handshake, but it failed with thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: tonic::transport::Error(Transport, hyper::Error(Connect, InvalidDNSNameError))', src/libcore/result.rs:1188:5.

If I use https://localhost:9876 it connects successfully and nc prints something about TLS handshake messages. It should not happen.

@LucioFranco
Member

This is a limitation with rustls: rustls/hyper-rustls#84

If this is a problem then I suggest switching to openssl by using hyper manually.

@Sherlock-Holo
Contributor Author

So if I want to do this, maybe I can replace the channel with my own implementation? Or perhaps just use my connector?

@LucioFranco
Member

@Sherlock-Holo Correct, I would try to use https://docs.rs/hyper-openssl/0.8.0/hyper_openssl/ with the https://github.com/hyperium/tonic/tree/master/examples/src/hyper_warp example, which shows how to use hyper directly :) Feel free to join the discord if you have any questions.
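The distinction behind the error in this thread, as an added example that is not part of the issue and is not tonic or rustls code: a std-only pre-flight check that classifies the host of an `https://` URI as a DNS name or an IP literal before it is handed to a TLS stack that only accepts DNS names. `ServerName` and `classify_host` are hypothetical names, and the DNS syntax check is a simplified assumption, not rustls's own validation.

```rust
use std::net::IpAddr;

/// How a TLS client has to treat the host part of a URI (hypothetical type).
#[derive(Debug, PartialEq)]
enum ServerName {
    /// Can be sent as SNI and matched against dNSName SAN entries.
    Dns(String),
    /// IP literal: RFC 6066 does not permit it in SNI, and the certificate
    /// must be matched against iPAddress SAN entries instead.
    Ip(IpAddr),
}

/// Hypothetical helper: extract the host from an https URI and classify it.
fn classify_host(uri: &str) -> Result<ServerName, String> {
    let rest = uri.strip_prefix("https://").ok_or("not an https URI")?;
    // Authority ends at the first path, query or fragment delimiter.
    let authority = rest.split(&['/', '?', '#'][..]).next().unwrap_or("");
    // Drop optional userinfo ("user:pass@").
    let hostport = authority.rsplit('@').next().unwrap_or(authority);
    let host = if let Some(inner) = hostport.strip_prefix('[') {
        // Bracketed IPv6 literal such as [::1]:9876.
        let end = inner.find(']').ok_or("unterminated IPv6 literal")?;
        &inner[..end]
    } else {
        hostport.split(':').next().unwrap_or("")
    };
    if host.is_empty() {
        return Err("empty host".to_string());
    }
    if let Ok(ip) = host.parse::<IpAddr>() {
        return Ok(ServerName::Ip(ip));
    }
    // Simplified DNS name check: LDH labels of 1..=63 bytes, 253 bytes total.
    let name = host.strip_suffix('.').unwrap_or(host);
    let valid = name.len() <= 253 && name.split('.').all(|label| {
        !label.is_empty() && label.len() <= 63
            && !label.starts_with('-') && !label.ends_with('-')
            && label.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-')
    });
    if valid { Ok(ServerName::Dns(name.to_ascii_lowercase())) }
    else { Err(format!("invalid host: {}", host)) }
}

fn main() {
    // Constructed sample inputs; the first two are the URIs from the report.
    for uri in &["https://127.0.0.1:9876", "https://localhost:9876", "https://[::1]:9876"] {
        println!("{} -> {:?}", uri, classify_host(uri));
    }
}
```

Running the check before building the channel lets the caller report an IP-literal target explicitly instead of hitting the `unwrap()` panic shown in the report.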
