我正在尝试在GRPC中使用自签名证书。我生成了证书/密钥:
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
这给了我两个文件:
cert.pem
和key.pem
。我有一个Kotlin GRPC服务器,设置如下:
val ca = classLoader.getResourceAsStream("cert.pem")
val key = classLoader.getResourceAsStream("key.pem")
ServerBuilder
.forPort(8443)
.useTransportSecurity(ca, key)
.addService(...)
.build()
.start()
看起来启动成功了。我有一个Flutter客户端,我是这样设置的:
final cert = await rootBundle.load('cert.pem')
final certAsList = cert.buffer
.asUint8List(
cert.offsetInBytes,
cert.lengthInBytes,
)
.map((uint8) => uint8.toInt())
.toList()
final channel = new ClientChannel(
'localhost',
port: 8443,
options: ChannelOptions(
credentials: ChannelCredentials.secure(certificates: certAsList),
),
)
然而,使用该通道连接到我的服务会出现以下错误:
gRPC Error (14, Error connecting: HandshakeException: Handshake error in client (OS Error: CERTIFICATE_VERIFY_FAILED: ok(handshake.cc:352)))
这个设置有什么问题吗?