英文:
Golang TLS handshake error - "first record does not look like a TLS handshake"?
问题
客户端代码
tlsconf := &tls.Config{InsecureSkipVerify: true}
creds := credentials.NewTLS(tlsconf)
opts = append(opts, grpc.WithTransportCredentials(creds))
conn, err := grpc.Dial(endpoint, opts...)
// 处理错误和其他情况
服务器正确注册服务的代码如下:
if err := s.registerServices(); err != nil {
err = errors.Wrap(err, "无法注册服务")
return err
}
这里的s是我的s *Server(指向我的struct的指针)。
type Server struct {
s *grpc.Server
conf *config
listener net.Listener
}
但是当我尝试使用s.Serve()来处理请求时,它给出了以下tls握手错误:
transport: authentication handshake failed: tls: first record does not look like a TLS handshake
英文:
Client-side code
tlsconf := &tls.Config{InsecureSkipVerify: true}
creds := credentials.NewTLS(tlsconf)
opts = append(opts, grpc.WithTransportCredentials(creds))
conn, err := grpc.Dial(endpoint, opts...)
// handle error and other cases
The server registers the service properly. The code for that is given below.
if err := s.registerServices(); err != nil {
err = errors.Wrap(err, "unable to register services")
return err
}
Here s is my s *Server (a pointer to my struct).
type Server struct {
s *grpc.Server
conf *config
listener net.Listener
}
But when I try to serve the request using s.Serve(), it gives me this tls handshake error:
transport: authentication handshake failed: tls: first record does not look like a TLS handshake
答案1
得分: 1
你的凭据似乎有些奇怪。当我尝试在不安全的连接上发送安全数据时,我看到了这个错误。
根据文档,你误用了配置:
// InsecureSkipVerify 控制客户端是否验证服务器的证书链和主机名。
// 如果 InsecureSkipVerify 为 true,crypto/tls 将接受服务器呈现的任何证书和该证书中的任何主机名。
// 在此模式下,TLS 容易受到中间人攻击,除非使用自定义验证。
// 这仅应用于测试或与 VerifyConnection 或 VerifyPeerCertificate 结合使用。
尝试使用以下 DialOption:
grpc.WithInsecure()
因此,准确来说:
address := ...
conn, err := grpc.Dial(address, grpc.WithInsecure())
英文:
Your creds seems weird. I saw this error when I tried sending secured data on an unsecured connection.
Looking at the documentation - you're misusing the config:
// InsecureSkipVerify controls whether a client verifies the server's
// certificate chain and host name. If InsecureSkipVerify is true, crypto/tls
// accepts any certificate presented by the server and any host name in that
// certificate. In this mode, TLS is susceptible to machine-in-the-middle
// attacks unless custom verification is used. This should be used only for
// testing or in combination with VerifyConnection or VerifyPeerCertificate.
Try using instead this DialOption:
grpc.WithInsecure()
So to be precise:
address := ...
conn, err := grpc.Dial(address, grpc.WithInsecure())
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论