grpcurl Dial fails with a timeout when the server requires a client certificate, but none is provided

Dial fails with a timeout when the server requires a client certificate, but none is provided

Open atollena opened this issue 1 year ago • 0 comments

When the server requires a client certificate, and grpcurl is not configured with the -cert/-key options, it fails with a timeout instead of an explicit message, even though the server communicates the problem with a certificate_required alert and closes the connection.

Steps to reproduce: create a server that requires a client certificate (for example by modifying the grpc-go authentication to pass a tls.Config with tls.RequireAndVerifyClientCert).
Run grpcurl -insecure localhost:50051 list

Expected output (this is what grpc-go outputs when letting an RPC fail or dialing WithBlock):

Failed to dial target host "localhost:50051": desc = "error reading server preface: remote error: tls: certificate required

Actual output:

Failed to dial target host "localhost:50051": context deadline exceeded

grpcurl seems to not consider the alert fatal and continue attempting to dial.

Sep 09 '24 09:09 atollena

grpcurl grpcurl copied to clipboard

Dial fails with a timeout when the server requires a client certificate, but none is provided

grpcurl
grpcurl copied to clipboard