【发布时间】:2019-08-07 15:23:41
【问题描述】:
我正在尝试使用 gRPC 与 TLS 证书建立加密连接。使用不安全的连接一切正常,我也尝试使用用 Go 编写的客户端,它也可以。但是使用 Python 我收到以下错误:
grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses"
debug_error_string = "{"created":"@1565190346.229323178","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3528,"referenced_errors":
[{"created":"@1565190346.229314131","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":399,"grpc_status":14}]}"
这是我客户的代码:
credentials = grpc.ssl_channel_credentials()
channel = grpc.secure_channel('127.0.0.1:9332', credentials)
stub = srv_pb2_grpc.SrvStub(channel)
response = stub.Action(msg='msg')
有什么建议吗?
更新
这是带有GRPC_TRACE 和GRPC_VERBOSITY 环境变量的输出。
os.environ['GRPC_TRACE'] = 'transport_security,tsi'
os.environ['GRPC_VERBOSITY'] = 'DEBUG'
I0808 11:24:21.077552208 28357 ev_epoll1_linux.cc:116] grpc epoll fd: 3
D0808 11:24:21.077580061 28357 ev_posix.cc:174] Using polling engine: epoll1
D0808 11:24:21.077622131 28357 dns_resolver_ares.cc:483] Using ares dns resolver
E0808 11:24:21.077633004 28357 trace.cc:65] Unknown trace var: 'transport_security'
I0808 11:24:21.402168083 28357 ssl_transport_security.cc:217] HANDSHAKE START - TLS client start_connect - !!!!!!
I0808 11:24:21.402353776 28357 ssl_transport_security.cc:217] LOOP - TLS client enter_early_data - !!!!!!
I0808 11:24:21.402387194 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_hello - !!!!!!
I0808 11:24:21.606877030 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_certifi - !!!!!!
I0808 11:24:21.607580283 28357 ssl_transport_security.cc:217] LOOP - TLS client read_certificate_st - !!!!!!
I0808 11:24:21.607612862 28357 ssl_transport_security.cc:217] LOOP - TLS client verify_server_certi - !!!!!!
I0808 11:24:21.613300944 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_key_exc - !!!!!!
I0808 11:24:21.614718867 28357 ssl_transport_security.cc:217] LOOP - TLS client read_certificate_re - !!!!!!
I0808 11:24:21.614762602 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_hello_d - !!!!!!
I0808 11:24:21.614782664 28357 ssl_transport_security.cc:217] LOOP - TLS client send_client_certifi - !!!!!!
I0808 11:24:21.614798210 28357 ssl_transport_security.cc:217] LOOP - TLS client send_client_key_exc - !!!!!!
I0808 11:24:21.616791101 28357 ssl_transport_security.cc:217] LOOP - TLS client send_client_certifi - !!!!!!
I0808 11:24:21.616817014 28357 ssl_transport_security.cc:217] LOOP - TLS client send_client_finishe - !!!!!!
I0808 11:24:21.616891441 28357 ssl_transport_security.cc:217] LOOP - TLS client finish_flight - !!!!!!
I0808 11:24:21.616916680 28357 ssl_transport_security.cc:217] LOOP - TLS client read_session_ticket - !!!!!!
I0808 11:24:21.811575115 28357 ssl_transport_security.cc:217] LOOP - TLS client process_change_ciph - !!!!!!
I0808 11:24:21.811645429 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_finishe - !!!!!!
I0808 11:24:21.811706483 28357 ssl_transport_security.cc:217] LOOP - TLS client finish_client_hands - !!!!!!
I0808 11:24:21.811745454 28357 ssl_transport_security.cc:217] LOOP - TLS client done - !!!!!!
I0808 11:24:21.811763000 28357 ssl_transport_security.cc:217] HANDSHAKE DONE - TLS client done - !!!!!!
D0808 11:24:21.811984315 28357 security_handshaker.cc:176] Security handshake failed: {"created":"@1565252661.811954686","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/security_connector/ssl_utils.cc","file_line":129}
I0808 11:24:21.812313765 28357 subchannel.cc:1031] Connect failed: {"created":"@1565252661.811954686","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/security_connector/ssl_utils.cc","file_line":129}
【问题讨论】:
-
你能打开与安全相关的日志吗?将环境变量
GRPC_TRACE设置为“transport_security,tsi”,将GRPC_VERBOSITY设置为“DEBUG”。