stepancheg / grpc-rust

Rust implementation of gRPC
MIT License

Authentication to a LND server fails with .der file #124

Closed sezaru closed 6 years ago

sezaru commented 6 years ago

I'm trying to connect to an LND server using grpc-rust. For authentication, I need to use a CA certificate file, tls.cert.

How can I use it with grpc-rust to do the authentication? What I tried was to use openssl to convert the certificate to a .der file and use:

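// Traits that provide builder(), add_root_certificate() and build().
use tls_api::TlsConnector;
use tls_api::TlsConnectorBuilder;

fn tls_connector() -> tls_api_native_tls::TlsConnector {
    // DER-encoded certificate, embedded at compile time.
    let root_ca = include_bytes!("../lnd3.der");
    let root_ca = tls_api::Certificate::from_der(root_ca.to_vec());

    // Add the certificate as a trusted root for this connector.
    let mut builder = tls_api_native_tls::TlsConnector::builder().unwrap();
    builder.add_root_certificate(root_ca).expect("add_root_certificate");
    builder.build().unwrap()
}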

As shown in one of the grpc-rust examples.

But when I try to connect I get: Err(Http(ClientDied(Some(IoError(Custom { kind: Other, error: Ssl(ErrorStack([Error { code: 336134278, library: "SSL routines", function: "ssl3_get_server_certificate", reason: "certificate verify failed", file: "s3_clnt.c", line: 1269 }])) })))))

I have other code (using Elixir) where I use the tls.cert file directly and it connects just fine.

What am I doing wrong, and is it possible to use the tls.cert file directly?

Thanks.

stepancheg commented 6 years ago

It's very hard to say because grpc-rust (technically, rust-tls-api) is just a wrapper.

What is LND?

Which command did you use to convert the certificate?

Can you post a full example?

Can you show the Elixir example?

Can you provide a fully reproducible example?

Which hostname do you use when you connect to the server?

sezaru commented 6 years ago

Hello @stepancheg, LND is a Bitcoin Lightning server that uses gRPC for communication (lnd website).

I used this command:

openssl x509 -outform der -in tls.cert -out tls.der

I will post a full Rust example: rust-lnd.zip

And an Elixir example too: elixir_lnd.zip

For the Rust example, you just need to run

$ cargo build
$ cargo run

For the Elixir one (you need to have Erlang and Elixir installed; mine are versions 20 and 1.5.2 respectively), you just run:

$ mix deps.get
$ mix run

Both examples will try to communicate with my LND server at thunderpay.webredirect.com on port 10009 (you can also try thunderpay.craftx.biz; both redirect to the same IP address).

Hope that this can help.

sezaru commented 6 years ago

Well, it turns out someone from my team changed the LND certificate without telling me, and that was the reason it was failing. Changing to the new one made the code start to work again.

Sorry for that, I will close the issue
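On the question of using tls.cert directly: the file is PEM, so it can be decoded to DER in code instead of with the openssl command, and the decoded bytes compared with the certificate the server operator currently has deployed to notice a rotation like the one that caused this failure. This is an added example, not part of the thread or of grpc-rust; `pem_to_der` and `pin_matches` are hypothetical helper names, and the sample PEM is constructed, not a real certificate.

```rust
// Added example, not from grpc-rust or the original posts.
// Decode a PEM certificate (such as lnd's tls.cert) to DER using only std.

/// Map one base64 character to its 6-bit value.
fn b64_val(c: u8) -> Option<u32> {
    match c {
        b'A'..=b'Z' => Some((c - b'A') as u32),
        b'a'..=b'z' => Some((c - b'a') as u32 + 26),
        b'0'..=b'9' => Some((c - b'0') as u32 + 52),
        b'+' => Some(62),
        b'/' => Some(63),
        _ => None,
    }
}

/// Extract the first CERTIFICATE block from `pem` and return its DER bytes.
pub fn pem_to_der(pem: &str) -> Result<Vec<u8>, String> {
    const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
    const END: &str = "-----END CERTIFICATE-----";
    let start = pem.find(BEGIN).ok_or("no BEGIN CERTIFICATE line")? + BEGIN.len();
    let len = pem[start..].find(END).ok_or("no END CERTIFICATE line")?;
    let (mut der, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in pem[start..start + len].bytes() {
        if c.is_ascii_whitespace() { continue; }
        if c == b'=' { break; } // padding marks the end of the data
        let v = b64_val(c).ok_or_else(|| format!("invalid base64 byte 0x{:02x}", c))?;
        acc = (acc << 6) | v;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            der.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    // An X.509 certificate is a DER SEQUENCE, so the first byte must be 0x30.
    if der.first() != Some(&0x30) { return Err("decoded data is not a DER SEQUENCE".into()); }
    Ok(der)
}

/// True when the pinned PEM file holds exactly the certificate `presented_der`.
pub fn pin_matches(pinned_pem: &str, presented_der: &[u8]) -> Result<bool, String> {
    Ok(pem_to_der(pinned_pem)? == presented_der)
}

fn main() {
    // Constructed sample: base64 of the 5-byte DER value 30 03 02 01 05.
    let pem = "-----BEGIN CERTIFICATE-----\nMAMC\nAQU=\n-----END CERTIFICATE-----\n";
    println!("{:02x?}", pem_to_der(pem).unwrap());
}
```

The returned `Vec<u8>` is in the form that `tls_api::Certificate::from_der` takes in the snippet posted above.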