vertx-grpc
vertx-grpc copied to clipboard
vert-x3
SNI is not Supported on the Server
I am using the latest 4.0.0-SNAPSHOT of the Vert.x stack. I tested this with the Java server app running on macOS 10.15.14, ubuntu 20.04, Windows 10 on a AdoptOpenJDK 11.0.7 JVM. I am using openssl test client like so :
openssl s_client -showcerts -servername grpc.example.com -connect grpc.example.com:443
I am setting the SSL options with the setPfxKeyCertOptions and setSni(true). The PFX/P12/PKCS 12 key store contains key/cert entries for all the hostnames the server is serving for, including "localhost", and for the sake of this example, "grpc.example.com". If I start a normal Vert.x HTTP/2 server, it responds to the test openssl command correctly, whereas the gRPC server does not.
@vietj I am guessing the issue here could be related how core is used to start the server.
@pmlopes I think this is an issue of gRPC Netty server. SNI requires a specific Netty Handler to operate.
I created this issue because I believe this is a desirable feature to have in v4 https://github.com/vert-x3/vertx-grpc/issues/83
See https://github.com/grpc/grpc-java/issues/7397#issuecomment-719858933 where I was advised that SNI support with grpc-java is recommended to be achieved by manipulating the key store and relying on default handling for SNI in Java
if we were to reimplement gRPC transport with Vert.x we would benefit from that.
On Thu, Mar 25, 2021 at 2:59 PM Liam Williams @.***> wrote:
See grpc/grpc-java#7397 (comment) https://github.com/grpc/grpc-java/issues/7397#issuecomment-719858933 where I was advised that SNI support with grpc-java is recommended to be achieved by manipulating the key store and relying on default handling for SNI in Java
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/vert-x3/vertx-grpc/issues/70#issuecomment-806804819, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABXDCXDW7WIL2DHE5OCSBLTFM6VLANCNFSM4NS5GZ3Q .