Привет, я пытаюсь написать тестовый клиент и сервис grpc на python. При использовании незащищенного канала все работает стабильно, но при попытке установить tls соединение возникает ошибка. Для написания кода и создания цепочки сертификатов я использовал это
руководство.
Сообщение об ошибке:
Message = <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses"
debug_error_string = "{"created":"@1690999363.720000000","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3094,"referenced_errors":[{"created":"@1690999363.720000000","description":"failed to connect to all addresses","file":"src/core/lib/transport/error_utils.cc","file_line":163,"grpc_status":14}]}"
>
Source = F:\Work\PytService\ClientPy\ClientPy.py
Stack trace:
File "F:\Work\PytService\ClientPy\ClientPy.py", line 22, in run
response = stub.SayHello(service_pb2.HelloRequest(name='you'))
File "F:\Work\PytService\ClientPy\ClientPy.py", line 32, in <module> (Current frame)
run()
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "failed to connect to all addresses"
debug_error_string = "{"created":"@1690999363.720000000","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3094,"referenced_errors":[{"created":"@1690999363.720000000","description":"failed to connect to all addresses","file":"src/core/lib/transport/error_utils.cc","file_line":163,"grpc_status":14}]}"
>
Код сервера
from concurrent import futures
import logging
import grpc
import service_pb2
import service_pb2_grpc
class Greeter(service_pb2_grpc.GreeterServicer):
def SayHello(self, request, context):
return service_pb2.HelloReply(message='Hello, %s!' % request.name)
def SayHelloAgain(self, request, context):
return service_pb2.HelloReply(message=f'Hello again, {request.name}!')
def serve():
port = '50051'
server_host = 'localhost'
server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
service_pb2_grpc.add_GreeterServicer_to_server(Greeter(), server)
keyfile = 'server-key.pem'
certfile = 'server-cert.pem'
private_key = open(keyfile).read()
certificate_chain = open(certfile).read()
credentials = grpc.ssl_server_credentials(
((bytes(private_key, 'utf-8'), bytes(certificate_chain, 'utf-8'),),)
)
server.add_secure_port('localhost:50001',credentials)
server.start()
print("Server started, listening on " + port)
server.wait_for_termination()
if __name__ == '__main__':
logging.basicConfig()
serve()
Код клиента:
from __future__ import print_function
import logging
import grpc
import grpc_tools
import service_pb2
import service_pb2_grpc
def run():
ca_cert = 'ca-cert.pem'
root_certs = open(ca_cert).read()
credentials = grpc.ssl_channel_credentials((bytes(root_certs, 'utf-8')))
with grpc.secure_channel('localhost:50051',credentials) as channel:
stub = service_pb2_grpc.GreeterStub(channel)
response = stub.SayHello(service_pb2.HelloRequest(name='you'))
print("Greeter client received: " + response.message)
response = stub.SayHelloAgain(service_pb2.HelloRequest(name='you1'))
print("Greeter client received: " + response.message)
if __name__ == '__main__':
logging.basicConfig()
run()
Пробовал менять сертификаты, создавая их не только по мануалу, но и с помощью openssl. А также изменить метод шифрования сертификатов с RSA на кривой P-256. Но ничего из перечисленного не помогло.