Disabling certificate check in gRPC TLS

春和景丽 2021-01-14 07:54

Currently, I have an nginx server (on port 5001) behind which a gRPC server is running, nginx having TLS enabled. All gRPC clients need to send the request to nginx port whic

1 answer
  •  执念已碎
    2021-01-14 08:22

    TLS with disabled certificate checking is of questionable usefulness because it can be trivially MITMed and so is not "supported" by gRPC. I highly recommend providing the client with proper root certificates to verify the server.

    That said, you can go around gRPC's API to do this by passing Netty's InsecureTrustManagerFactory to SslContextBuilder.trustManager(TrustManagerFactory):

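    import io.grpc.netty.GrpcSslContexts;
    import io.grpc.netty.NettyChannelBuilder;
    import io.netty.handler.ssl.util.InsecureTrustManagerFactory;

    // InsecureTrustManagerFactory accepts any server certificate without verifying it.
    NettyChannelBuilder.forAddress("", 5001)
        .sslContext(GrpcSslContexts.forClient()
          .trustManager(InsecureTrustManagerFactory.INSTANCE)
          .build())
        .build();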
    

    0 Discussion (0)
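The answer's recommendation, giving the client the proper root certificate, as an added example that is not part of the original answer. It assumes the unshaded `grpc-netty` artifact; the class name `VerifiedGrpcChannel`, the helpers `loadRoot` and `open`, and the command-line arguments are hypothetical.

```java
import io.grpc.ManagedChannel;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder;
import io.netty.handler.ssl.SslContext;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Hypothetical class: a client channel that verifies the nginx certificate.
public final class VerifiedGrpcChannel {

    /** Loads one PEM certificate and rejects it if expired or not yet valid. */
    static X509Certificate loadRoot(String pemPath) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(pemPath))) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            cert.checkValidity();
            return cert;
        }
    }

    /** Channel that only accepts server certificates chaining to the given root. */
    static ManagedChannel open(String host, int port, X509Certificate root) throws Exception {
        SslContext ctx = GrpcSslContexts.forClient()
                .trustManager(root) // takes the place of InsecureTrustManagerFactory.INSTANCE
                .build();
        // The host name used here must also match a name in the server certificate.
        return NettyChannelBuilder.forAddress(host, port).sslContext(ctx).build();
    }

    public static void main(String[] args) throws Exception {
        // args (operator-supplied): <host> <port> <root or CA certificate, PEM file>
        X509Certificate root = loadRoot(args[2]);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(root.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        // Print what is being trusted so it can be compared with the certificate nginx serves.
        System.out.println("Trusting " + root.getSubjectX500Principal() + " sha256=" + hex);

        ManagedChannel channel = open(args[0], Integer.parseInt(args[1]), root);
        // Create stubs on `channel` here; the TLS handshake happens on the first call.
        channel.shutdownNow();
    }
}
```

For a self-signed nginx certificate, the PEM file is that certificate itself; for a private CA, it is the CA certificate.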