I'm trying to get a gRPC server (written in .NET Core) and client (written in C++) to communicate over an SSL/TLS-secured channel.
The server targets "netcoreapp3.1", and depends on "Grpc.AspNetCore" version 2.28.0. The server code itself is basically copied from the official grpc repo's examples. The Startup.cs and Program.cs are not too interesting on their own & probably aren't the problems, so I just uploaded them to a gist (do note the call to UseHttps though). Everything builds, and a toy .NET Core gRPC client (sources for that here) connects over HTTPS just fine.
Unfortunately, I need to be using a C++ client to make the connection. Theoretically, the process is simple: get the .pfx file corresponding to the certificate passed to the UseHttps call, use it to create a server.crt via openssl, and use that to create a secure channel for the C++ client like so:
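#include <grpcpp/grpcpp.h>

// file_to_string: helper (definition not shown) returning the file contents as a std::string
grpc::SslCredentialsOptions sslOpts{};
sslOpts.pem_root_certs = file_to_string(path_to_server_crt);  // PEM trust roots used to verify the server
auto creds = grpc::SslCredentials(sslOpts);
auto channel = grpc::CreateChannel("localhost:50052", creds);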
I've used the client successfully with a C++ gRPC server, so there are no lingering bugs on that side either. When I point it at my .NET Core server though, things break. The client side info isn't interesting, just a gRPC error 14. When the server is set to log things at Trace though, something pops out:
dbug: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[2]
Connection id "0HM6UG4PBICBP" accepted.
dbug: Microsoft.AspNetCore.Server.Kestrel[1]
Connection id "0HM6UG4PBICBP" started.
dbug: Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware[1]
Failed to authenticate HTTPS connection.
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> System.ComponentModel.Win32Exception (0x80090367): No common application protocol exists between the client and the server. Application protocol negotiation failed.
--- End of inner exception stack trace ---
// Some detailed stack trace, pretty sure it's garbage
dbug: Microsoft.AspNetCore.Server.Kestrel[2]
Connection id "0HM6UG4PBICBP" stopped.
dbug: Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets[7]
Connection id "0HM6UG4PBICBP" sending FIN because: "The Socket transport's send loop completed gracefully
"No common application protocol exists between the client and the server", that's certainly interesting: the server must be rejecting whatever protocol the C++ client is trying to use (TLS 1.2, from some googling?). How can I get them talking to each other over a common protocol?
Note 1: I should mention that the C++ client is being compiled/run from WSL 1 (Ubuntu 18.04) whereas the server is being run on Windows Server 2019 Datacenter.
Note 2: The discussion here seems relevant, but ultimately doesn't lead to anything useful.
I later submitted another question with more details, and with an "answer." You can check that out here.