grpc-swift
sending credentials securely via ssl through transport layer
What are you trying to achieve?
The API I have been working with recently upgraded and I am required to send credentials securely now, not over plain text. I am confused as to what changes I have to make to get this to work. I am also confused at the whole process and what even needs to happen.
Describe your problem at a high level. Include code snippets if you think that would help better illustrate your problem. Without enough information, we will not be able to help you.
What have you tried so far?
I have tried reading the docs on TLS and it is not making sense to me. I am not understanding the whole SSL/TLS stuff, so it's hard to accomplish a task that I am unsure of how to solve.
This is my connection code that was working before I had to start using SSL:

```swift
import GRPC
import NIOPosix

class EmporiaNetworking {
  var authServiceClient: Protos_PartnerApiClient?
  let port: Int = 50051

  init() {
    // build a fountain of EventLoops
    let eventLoopGroup = MultiThreadedEventLoopGroup(numberOfThreads: 1)
    do {
      // open a channel to the gRPC server (plaintext: no transport security)
      let channel = try GRPCChannelPool.with(
        target: .host("partner-api.energy.com", port: self.port),
        transportSecurity: .plaintext,
        eventLoopGroup: eventLoopGroup
      )
      // create a Client
      self.authServiceClient = Protos_PartnerApiClient.init(channel: channel) // AuthService_AuthServiceRoutesClient(channel: channel)
      print("grpc connection initialized")
    } catch {
      print("Couldn’t connect to gRPC server")
    }
  }
}
```
Now I just need to get SSL and TLS support, so any help is appreciated.
Describe what you've tried to do so far to solve your problem. Include any
relevant information such as the library and protoc plugin versions,
the full protoc invocation (if the problem is related to code generation),
and any logs or error messages.
You can configure TLS by changing `transportSecurity` from `.plaintext` to `.tls`.
As you are using a `MultiThreadedEventLoopGroup` you must use the TLS implementation which is backed by NIOSSL. To get the default configuration for this you can use `.makeClientConfigurationBackedByNIOSSL()`.
```swift
let channel = try GRPCChannelPool.with(
  target: .host("partner-api.energy.com", port: self.port),
  transportSecurity: .tls(.makeClientConfigurationBackedByNIOSSL()),
  eventLoopGroup: eventLoopGroup
)
```
Thank you for the response. I had tried this and am getting an SSL error, shown below:
```
RPC method ‘login’ failed: deadlineExceeded(connectionError: Optional(NIOSSL.NIOSSLError.handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: 268435581 error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED]))))
RPC method ‘login’ failed: deadlineExceeded(connectionError: Optional(NIOSSL.NIOSSLError.handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: 268435581 error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED]))))
```
Is there any more set up that needs to be done on my side? Thank you again.
What certificate is the server presenting? It does not appear to be trusted by the client.
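
If the server's certificate chains to a CA that is not in the client's default trust store (an assumption; the thread does not say which certificate is presented), the NIOSSL-backed configuration can be given explicit trust roots while keeping full verification. This is an added example, not code from the thread or from the grpc-swift project; `makeSecureChannel`, `TrustRootError` and `caBundlePath` are hypothetical names.

```swift
import GRPC
import NIOPosix
import NIOSSL

// Hypothetical error type for this example.
struct TrustRootError: Error {
  let path: String
}

// Hypothetical helper (not part of grpc-swift): opens a TLS channel that
// trusts the CA certificates in `caBundlePath` instead of the default roots.
// `caBundlePath` is an assumed path to a PEM file holding the CA that issued
// the server's certificate, obtained from the API provider out of band.
func makeSecureChannel(
  host: String,
  port: Int,
  caBundlePath: String,
  group: MultiThreadedEventLoopGroup
) throws -> GRPCChannel {
  // Parse the bundle up front so a missing or malformed file fails here,
  // not later as an opaque CERTIFICATE_VERIFY_FAILED during the handshake.
  let roots = try NIOSSLCertificate.fromPEMFile(caBundlePath)
  guard !roots.isEmpty else {
    throw TrustRootError(path: caBundlePath)
  }

  // Keep .fullVerification: the chain is validated against `roots` and the
  // certificate must match `host`. Setting .none would make the handshake
  // succeed but leave the credentials open to interception.
  let tls = GRPCTLSConfiguration.makeClientConfigurationBackedByNIOSSL(
    trustRoots: .certificates(roots),
    certificateVerification: .fullVerification
  )

  return try GRPCChannelPool.with(
    target: .host(host, port: port),
    transportSecurity: .tls(tls),
    eventLoopGroup: group
  )
}
```

If the certificate is instead issued by a public CA, the default trust roots already apply and the failure is more likely a hostname mismatch or an incomplete chain sent by the server.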