我尝试使用TLS证书建立加密连接,使用gRPC。使用不安全的连接一切正常,我也尝试使用Go编写的客户端,它也可以工作。但是在Python中,我遇到了以下错误:
grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses"
debug_error_string = "{"created":"@1565190346.229323178","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3528,"referenced_errors":
[{"created":"@1565190346.229314131","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":399,"grpc_status":14}]}"
这是我的客户的代码:
credentials = grpc.ssl_channel_credentials()
channel = grpc.secure_channel('127.0.0.1:9332', credentials)
stub = srv_pb2_grpc.SrvStub(channel)
response = stub.Action(msg='msg')
有什么建议吗?
更新
以下是使用 GRPC_TRACE
和 GRPC_VERBOSITY
环境变量的输出。
os.environ['GRPC_TRACE'] = 'transport_security,tsi'
os.environ['GRPC_VERBOSITY'] = 'DEBUG'
I0808 11:24:21.077552208 28357 ev_epoll1_linux.cc:116] grpc epoll fd: 3
D0808 11:24:21.077580061 28357 ev_posix.cc:174] Using polling engine: epoll1
D0808 11:24:21.077622131 28357 dns_resolver_ares.cc:483] Using ares dns resolver
E0808 11:24:21.077633004 28357 trace.cc:65] Unknown trace var: 'transport_security'
I0808 11:24:21.402168083 28357 ssl_transport_security.cc:217] HANDSHAKE START - TLS client start_connect - !!!!!!
I0808 11:24:21.402353776 28357 ssl_transport_security.cc:217] LOOP - TLS client enter_early_data - !!!!!!
I0808 11:24:21.402387194 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_hello - !!!!!!
I0808 11:24:21.606877030 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_certifi - !!!!!!
I0808 11:24:21.607580283 28357 ssl_transport_security.cc:217] LOOP - TLS client read_certificate_st - !!!!!!
I0808 11:24:21.607612862 28357 ssl_transport_security.cc:217] LOOP - TLS client verify_server_certi - !!!!!!
I0808 11:24:21.613300944 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_key_exc - !!!!!!
I0808 11:24:21.614718867 28357 ssl_transport_security.cc:217] LOOP - TLS client read_certificate_re - !!!!!!
I0808 11:24:21.614762602 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_hello_d - !!!!!!
I0808 11:24:21.614782664 28357 ssl_transport_security.cc:217] LOOP - TLS client send_client_certifi - !!!!!!
I0808 11:24:21.614798210 28357 ssl_transport_security.cc:217] LOOP - TLS client send_client_key_exc - !!!!!!
I0808 11:24:21.616791101 28357 ssl_transport_security.cc:217] LOOP - TLS client send_client_certifi - !!!!!!
I0808 11:24:21.616817014 28357 ssl_transport_security.cc:217] LOOP - TLS client send_client_finishe - !!!!!!
I0808 11:24:21.616891441 28357 ssl_transport_security.cc:217] LOOP - TLS client finish_flight - !!!!!!
I0808 11:24:21.616916680 28357 ssl_transport_security.cc:217] LOOP - TLS client read_session_ticket - !!!!!!
I0808 11:24:21.811575115 28357 ssl_transport_security.cc:217] LOOP - TLS client process_change_ciph - !!!!!!
I0808 11:24:21.811645429 28357 ssl_transport_security.cc:217] LOOP - TLS client read_server_finishe - !!!!!!
I0808 11:24:21.811706483 28357 ssl_transport_security.cc:217] LOOP - TLS client finish_client_hands - !!!!!!
I0808 11:24:21.811745454 28357 ssl_transport_security.cc:217] LOOP - TLS client done - !!!!!!
I0808 11:24:21.811763000 28357 ssl_transport_security.cc:217] HANDSHAKE DONE - TLS client done - !!!!!!
D0808 11:24:21.811984315 28357 security_handshaker.cc:176] Security handshake failed: {"created":"@1565252661.811954686","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/security_connector/ssl_utils.cc","file_line":129}
I0808 11:24:21.812313765 28357 subchannel.cc:1031] Connect failed: {"created":"@1565252661.811954686","description":"Cannot check peer: missing selected ALPN property.","file":"src/core/lib/security/security_connector/ssl_utils.cc","file_line":129}
GRPC_TRACE
设置为"transport_security,tsi",并将GRPC_VERBOSITY
设置为"DEBUG"。 - Richard Belleville