search

fullstorydev / grpcui

An interactive web UI for gRPC, along the lines of postman
MIT License
5.24k stars 388 forks source link

insecure flag doing nothing #227

Closed idc77 closed 1 year ago

idc77 commented 1 year ago

go install github.com/fullstorydev/grpcui/cmd/grpcui@latest

~ grpcui -insecure localhost:4777
Failed to dial target host "localhost:4777": tls: first record does not look like a TLS handshake
idc77 commented 1 year ago

136

use -plaintext

it's misleading because curl uses -k and describes it as insecure.

jhump commented 1 year ago

@idc77, FWIW, curl's -k and --insecure flags provide the same behavior as grpcurl.

   -k, --insecure
          (TLS) By default, every SSL connection curl makes is verified to be secure. This option allows
          curl to proceed and operate even for server connections otherwise considered insecure.

          The server connection is verified by making sure the server's certificate contains the right
          name and verifies successfully using the cert store.

          See this online resource for further details:
           https://curl.se/docs/sslcerts.html

          WARNING: this makes the transfer insecure.

          Example:
           curl --insecure https://example.com

The -plaintext flag is unfortunately not consistent with curl just because curl let's you indicate plaintext or not via a URL prefix, i.e. "http://" vs. "https://".

In this case "insecure" means using TLS but not actually secure (because it's skipping verification of the TLS cert).