Create a secure Grpc Channel without specifying certificates
-
@ChrisW67 I've been thinking that maybe it's something related to OpenSsl because I had to downgrade it once to version 1.0 in order to run a project developed in Qt 5.15. But I've been using QSslConfiguration in Qt 6.7 with Mqtt to call connectToHostEncrypted() and works fine.
That's why I haven't tried to upgrade OpenSsl again. -
@ChrisW67 I've been thinking that maybe it's something related to OpenSsl because I had to downgrade it once to version 1.0 in order to run a project developed in Qt 5.15. But I've been using QSslConfiguration in Qt 6.7 with Mqtt to call connectToHostEncrypted() and works fine.
That's why I haven't tried to upgrade OpenSsl again. -
@rey1996 As long as Qt 6.7 is finding OpenSSL 1.1.1 or later, and Qt 5.15 finds OpenSSL 1.0.x all should be well.
-
@ChrisW67 I checked. I have installed OpenSsl 1.1.1.
I run other test. I was able to connect to the server using QSslSocket with default QSslConfiguration. So that proves that OpenSsl is working fine.
But still I can't connect using Qt Grpc library.Hi,
Did you try to analyze the communication using something like wireshark to see what happens differently between the two variants ?
-
Hi,
Did you try to analyze the communication using something like wireshark to see what happens differently between the two variants ?
-
It should work in general. I suspect you use the self-signed certificate somewhere in your server certificate chain. If so you must probably need to set the respective options, especially https://doc.qt.io/qt-6/qsslconfiguration.html#setPeerVerifyMode , to VerifyNone
-
Has anyone found a workaround here? I have a grpc server behind a load balancer that I successfully hit with grpcurl, postman, and golang client. However, it doesn't work with QGrpc using
qt.network.http2: stream 1 finished with error: "Connection greeterviewmodel: error occurred: "" QGrpcStatus::Unavailable qt.network.http2: stream 3 finished with error: "Connection closed" -
Okay, for some reason, I needed to set the QSslConfiguration's setAllowedNextProtocols({ "h2" }). Leaky abstraction, poor API design, but I can understand it because the Ssl configuration is not just used for grpc servers, but also just standard rest apis and socket connections.
This is something that the Qt team likely didn't test. I will log it in the bug report. Perhaps QGrpcChannelOptions.setSslConfiguration should take a wrapper function or QSslConfiguration should have a
defaultGrpcConfiguration? Or maybe just better docs for this, as I'm sure enterprise customers will need secure channel for grpc. -
Okay, for some reason, I needed to set the QSslConfiguration's setAllowedNextProtocols({ "h2" }). Leaky abstraction, poor API design, but I can understand it because the Ssl configuration is not just used for grpc servers, but also just standard rest apis and socket connections.
This is something that the Qt team likely didn't test. I will log it in the bug report. Perhaps QGrpcChannelOptions.setSslConfiguration should take a wrapper function or QSslConfiguration should have a
defaultGrpcConfiguration? Or maybe just better docs for this, as I'm sure enterprise customers will need secure channel for grpc.@talksik
Thanks for that answer. I spent a few hours trying to figure out why my QGrpc client wouldn't connect using SSL. Calling the below on my SSLConfiguration fixed it.setAllowedNextProtocols({ "h2" }).I agree the documentation isn't great for this, which is a shame.
