Create a secure Grpc Channel without specifying certificates
-
Hello.
I was able to create a secured channel, without need of specifying certificates, using Grpc library in the following way:
auto channel_creds = grpc::SslCredentials(grpc::SslCredentialsOptions());
auto channel = grpc::CreateChannel("server.adress:443", channel_creds);
Now, I need to use Qt Grpc in Qt 6.7 and connect to the same server. But I can't find a way to do this.
I tried to add sslConfiguration to Channel Options with QSslConfiguration::defaultConfiguration(). But I keep receive this error:
Error occurred( QAbstractSocket::RemoteHostClosedError ): "The TLS/SSL connection has been closed"
An the the following error related to the Grpc request:
Error occurred: QGrpcStatus::Unavailable "Network error occurred 1"Is there a way of setting a Ssl connection without specifying certificates like the way I used to do with Grpc library?
I found there was a QGrpcSslCredentials class back in Qt6.5, that maybe had something to do with that, but it's not longer available in Qt6.7 according to documentation.
-
@ChrisW67 I've been thinking that maybe it's something related to OpenSsl because I had to downgrade it once to version 1.0 in order to run a project developed in Qt 5.15. But I've been using QSslConfiguration in Qt 6.7 with Mqtt to call connectToHostEncrypted() and works fine.
That's why I haven't tried to upgrade OpenSsl again. -
@ChrisW67 I've been thinking that maybe it's something related to OpenSsl because I had to downgrade it once to version 1.0 in order to run a project developed in Qt 5.15. But I've been using QSslConfiguration in Qt 6.7 with Mqtt to call connectToHostEncrypted() and works fine.
That's why I haven't tried to upgrade OpenSsl again. -
@rey1996 As long as Qt 6.7 is finding OpenSSL 1.1.1 or later, and Qt 5.15 finds OpenSSL 1.0.x all should be well.
-
@ChrisW67 I checked. I have installed OpenSsl 1.1.1.
I run other test. I was able to connect to the server using QSslSocket with default QSslConfiguration. So that proves that OpenSsl is working fine.
But still I can't connect using Qt Grpc library.Hi,
Did you try to analyze the communication using something like wireshark to see what happens differently between the two variants ?
-
Hi,
Did you try to analyze the communication using something like wireshark to see what happens differently between the two variants ?
-
It should work in general. I suspect you use the self-signed certificate somewhere in your server certificate chain. If so you must probably need to set the respective options, especially https://doc.qt.io/qt-6/qsslconfiguration.html#setPeerVerifyMode , to VerifyNone
-
Has anyone found a workaround here? I have a grpc server behind a load balancer that I successfully hit with grpcurl, postman, and golang client. However, it doesn't work with QGrpc using
qt.network.http2: stream 1 finished with error: "Connection greeterviewmodel: error occurred: "" QGrpcStatus::Unavailable qt.network.http2: stream 3 finished with error: "Connection closed" -
Okay, for some reason, I needed to set the QSslConfiguration's setAllowedNextProtocols({ "h2" }). Leaky abstraction, poor API design, but I can understand it because the Ssl configuration is not just used for grpc servers, but also just standard rest apis and socket connections.
This is something that the Qt team likely didn't test. I will log it in the bug report. Perhaps QGrpcChannelOptions.setSslConfiguration should take a wrapper function or QSslConfiguration should have a
defaultGrpcConfiguration? Or maybe just better docs for this, as I'm sure enterprise customers will need secure channel for grpc.
