目前我正在为我的gRPC客户端设置通道认证,如下所示:
std::shared_ptr<grpc::ChannelCredentials> channel_creds;
auto metadata = grpc::ChannelArguments();
// ...
grpc::SslCredentialsOptions sslOpts{};
sslOpts.pem_root_certs = // PEM with the Root CA cert's public key
sslOpts.pem_cert_chain = // PEM for client cert's public key
sslOpts.pem_private_key = // PEM for client cert's private key
channel_creds = grpc::SslCredentials(sslOpts);
metadata.SetSslTargetNameOverride(mbServerCertSubjectName.second.get());
// ...
grpc::CreateCustomChannel(addr_str, channel_creds, metadata);
这几乎是完美的,但我想禁用证书名称验证:只要连接到我提供的
pem_root_certs
就可以接受任何内容。如果我能创建一个TlsChannelCredentialsOptions结构,并将其grpc_tls_server_verification_option字段设置为GRPC_TLS_SKIP_HOSTNAME_VERIFICATION,那么这似乎是可行的,但TlsCredentialsOptions的接口与SslCredentialsOptions完全不同,我不知道如何设置它以基于我在这里提供的PEM文件进行身份验证。
如何将所需逻辑转换为TlsChannelCredentialsOptions?