serve icon indicating copy to clipboard operation
serve copied to clipboard

Published 20 hours ago verified publisher icon pytorch

Add support for secure communication over gRPC

Open harshbafna opened this issue 5 years ago • 3 comments

Is your feature request related to a problem? Please describe.

The current implementation of gRPC doesn't support communication over a secure channel.

Describe the solution

Add support for starting gRPC secure mode.

harshbafna avatar Nov 05 '20 04:11 harshbafna

Can you elaborate on how you implemented the secure communication support? I can't get a torchserver to work using secure grpc communication with self signed certificates for localhost @harshbafna

nmohr192 avatar Aug 24 '21 23:08 nmohr192

Yes, @msaroufim @harshbafna could you please provide steps for performing grpc secure communication for both client and server?

I have created a private key (.key) and certificate file (mycert.pem) on the server side. Copied the certificate on the client side and using the following code on the client side

with open("mycert.pem", 'rb') as f:
            creds= grpc.ssl_channel_credentials(f.read())
options = [
            ('grpc.max_send_message_length', MAX_GRPC_MESSAGE_LENGTH),
            ('grpc.max_receive_message_length', MAX_GRPC_MESSAGE_LENGTH)
]

infer_channel = grpc.secure_channel(f"{host}:{port}", credentials=creds, options=options)

However, this doesn't seem to work. I get the error:

E0607 10:27:01.030167311   10127 ssl_transport_security.cc:1495] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
E0607 10:27:05.954440654   10228 ssl_transport_security.cc:1495] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.

or

 <_InactiveRpcError of RPC that terminated with:
	status = StatusCode.UNAVAILABLE
	details = "failed to connect to all addresses"
	debug_error_string = "{"created":"@1654597621.030306810","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3217,"referenced_errors":[{"created":"@1654597621.030306017","description":"failed to connect to all addresses","file":"src/core/lib/transport/error_utils.cc","file_line":165,"grpc_status":14}]}"

IamMohitM avatar Jun 07 '22 11:06 IamMohitM

I also set the enable_grpc_ssl=true in config.properties. The WRONG_VERSION_NUMBER error is not generated anymore. However, the status is still Unavailable.

IamMohitM avatar Jun 07 '22 14:06 IamMohitM

Any updates on this? i ran into the same problem

LaurinmyReha avatar Apr 20 '23 12:04 LaurinmyReha

Any updates on this? i ran into the same problem

Yes, I wrote about how I got this working. Let me know if this works you or if you run into any issues.

https://iammohitm.github.io/Torch-Serve-with-Secure-gRPC/

IamMohitM avatar Apr 20 '23 12:04 IamMohitM

Thank you very much. This made it work! :)

LaurinmyReha avatar May 04 '23 08:05 LaurinmyReha