adrienemery / lnd-grpc-client

A python grpc client/async client for LND ⚡⚡⚡
MIT License

Peer name is not in peer certificate #11

Closed alevchuk closed 5 years ago

alevchuk commented 5 years ago

Hi, I'm trying to run:

from lndgrpc import LNDClient

# pass in the ip-address with RPC port
lnd = LNDClient("ec2-34-123-123-123.us-west-2.compute.amazonaws.com:10009", cert_filepath="tls.cert", macaroon_filepath="readonly.macaroon")

lnd.get_info()

and get this connection error:

Traceback (most recent call last):
  File "./c.py", line 8, in <module>
    lnd.get_info()
  File "/Users/aleksandr/Development/lnd-grpc-client/lib/python3.6/site-packages/lndgrpc/errors.py", line 30, in wrapper
    raise exc
  File "/Users/aleksandr/Development/lnd-grpc-client/lib/python3.6/site-packages/lndgrpc/errors.py", line 19, in wrapper
    return fnc(*args, **kwargs)
  File "/Users/aleksandr/Development/lnd-grpc-client/lib/python3.6/site-packages/lndgrpc/client.py", line 21, in get_info
    response = self._ln_stub.GetInfo(ln.GetInfoRequest())
  File "/Users/aleksandr/Development/lnd-grpc-client/lib/python3.6/site-packages/grpc/_channel.py", line 549, in __call__
    return _end_unary_response_blocking(state, call, False, None)
  File "/Users/aleksandr/Development/lnd-grpc-client/lib/python3.6/site-packages/grpc/_channel.py", line 466, in _end_unary_response_blocking
    raise _Rendezvous(state, None, None, deadline)
grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:
    status = StatusCode.UNAVAILABLE
    details = "Connect Failed"
    debug_error_string = "{"created":"@1553871334.297308000","description":"Failed to create subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":2267,"referenced_errors":[{"created":"@1553871334.297305000","description":"Pick Cancelled","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":242,"referenced_errors":[{"created":"@1553871334.297284000","description":"Connect Failed","file":"src/core/ext/filters/client_channel/subchannel.cc","file_line":962,"grpc_status":14,"referenced_errors":[{"created":"@1553871334.297165000",
"description":"Peer name ec2-34-123-123-123.us-west-2.compute.amazonaws.com is not in peer certificate","file":"src/core/lib/security/security_connector/ssl/ssl_security_connector.cc","file_line":64}]}]}]}"

same error when using an IP instead of the domain name.

$ pip freeze
aiogrpc==1.6
googleapis-common-protos==1.5.9
grpcio==1.19.0
grpcio-tools==1.19.0
lndgrpc==0.1.3
protobuf==3.7.1
six==1.12.0

Is there an additional step that needs to be done for TLS other than just copying over the "tls.cert" file?

alevchuk commented 5 years ago

Hmm, maybe I'm missing some config in my lnd server. When I try the same with lncli I get:

[lncli] rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: 
certificate is valid for bl3, localhost, unix, unixpacket,
not ec2-34-123-123-123.us-west-2.compute.amazonaws.com"

alevchuk commented 5 years ago

Ok, I got it to work.

I had to do the following:

  1. To LND config add:

     rpclisten=0.0.0.0:10009
     tlsextradomain=ec2-34-123-123-123.us-west-2.compute.amazonaws.com

  2. Delete ~/.lnd/tls.* files

  3. Restart LND and copy ~/.lnd/tls.cert to the client host.

Maybe this should be added to documentation on how to get TLS to work on a remote host.
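The error in this thread is ordinary TLS hostname verification: gRPC (like lncli) checks that the name the client dialed appears in the server certificate's subjectAltName extension, and lnd's default self-signed cert only lists the local hostname, localhost, unix and unixpacket plus local IPs. The following script is an added example, not code from this thread or from the lndgrpc project: it encodes and decodes the DER GeneralNames value of a SAN extension and applies the same matching rules gRPC and Go's crypto/x509 use (case-insensitive DNS match, wildcard only as the whole left-most label, IPs compared as addresses, not strings). The SAN contents are constructed to mirror the lncli message above, with a 127.0.0.1 entry added as an assumption about lnd's defaults; the "fixed" cert models what tlsextradomain adds, and the third variant models lnd's separate tlsextraip option, which is not discussed in the thread but is what an IP-dialed client needs.

```python
import ipaddress

# --- minimal DER helpers (only what a GeneralNames SEQUENCE needs) ---

def _der_len(n):
    """Encode a DER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, payload):
    return bytes([tag]) + _der_len(len(payload)) + payload

def encode_general_names(dns_names=(), ip_addresses=()):
    """Build the DER value of a subjectAltName extension.
    dNSName is context tag [2] (0x82), iPAddress is context tag [7] (0x87)."""
    items = [_tlv(0x82, n.encode("ascii")) for n in dns_names]
    items += [_tlv(0x87, ipaddress.ip_address(ip).packed) for ip in ip_addresses]
    return _tlv(0x30, b"".join(items))

def _read_tlv(buf, pos):
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def decode_general_names(der):
    """Return (dns_names, ip_addresses) found in a DER GeneralNames value."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("GeneralNames must be a SEQUENCE")
    dns, ips, pos = [], [], 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag == 0x82:
            dns.append(value.decode("ascii"))
        elif tag == 0x87:
            ips.append(ipaddress.ip_address(value))
        # other GeneralName choices (URI, email, ...) play no part in host matching
    return dns, ips

# --- hostname verification, as gRPC / Go's crypto/x509 do it ---

def _dns_match(pattern, hostname):
    """Case-insensitive match; '*' may only be the entire left-most label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]

def peer_name_in_cert(peer, san_der):
    """True if the dialed name/IP is covered by the certificate's SAN entries."""
    dns, ips = decode_general_names(san_der)
    try:
        ip = ipaddress.ip_address(peer)
    except ValueError:
        return any(_dns_match(p, peer) for p in dns)   # peer is a hostname
    return ip in ips                                    # peer is an IP literal

def explain(peer, san_der):
    """Reproduce the shape of the x509 error message lncli printed."""
    dns, ips = decode_general_names(san_der)
    if peer_name_in_cert(peer, san_der):
        return f"ok: certificate is valid for {peer}"
    valid_for = ", ".join(dns + [str(i) for i in ips])
    return f"certificate is valid for {valid_for}, not {peer}"

# Constructed SAN contents (assumption: modeled on the lncli message above).
REMOTE = "ec2-34-123-123-123.us-west-2.compute.amazonaws.com"
DEFAULT_SAN = encode_general_names(["bl3", "localhost", "unix", "unixpacket"], ["127.0.0.1"])
# After tlsextradomain=<REMOTE> and regenerating tls.cert:
FIXED_SAN = encode_general_names(["bl3", "localhost", "unix", "unixpacket", REMOTE], ["127.0.0.1"])
# After additionally setting tlsextraip (hypothetical public IP, constructed):
FIXED_SAN_WITH_IP = encode_general_names(
    ["bl3", "localhost", "unix", "unixpacket", REMOTE], ["127.0.0.1", "34.123.123.123"])

if __name__ == "__main__":
    print(explain(REMOTE, DEFAULT_SAN))
    print(explain(REMOTE, FIXED_SAN))
    print(explain("34.123.123.123", FIXED_SAN))
```

Running it prints the same "valid for ..., not ..." sentence lncli produced for the default cert, an "ok" line for the cert regenerated with tlsextradomain, and a failure again when the IP literal is dialed against a cert that only gained a DNS entry, which is why the reporter saw the error with both the hostname and the IP. Copying tls.cert alone can never fix this: the names are baked into the certificate, so the cert has to be regenerated with the extra names, as the steps above describe.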

adrienemery commented 5 years ago

Yeah I ran into this the first time running on a remote host too - glad you figured it out. Maybe open a PR on the lnd repo to improve their docs if you have time.

I can add a note on the docs here too when I get a chance.

Cheers!