grpc/go how to set grpc.ssl_target_name_override in grpc.Dial

Question

I am currently trying to test ssl/tls authentication between grpc client and server in go. Not sure how to pass grpc.ssl_target_name_override(https://grpc.github.io/grpc/core/group__grpc__arg__keys.html#ga218bf55b665134a11baf07ada5980825)

while creating the channel on the client side, currently seeing this:

"transport: authentication handshake failed: x509: certificate is valid for xxx.xxx.net, not localhost"

    // Create the client TLS credentials
    creds, err := credentials.NewClientTLSFromFile("cert.pem", "")
    if err != nil {
        panic(err)
    }

    conn, err := grpc.Dial("localhost:8080", grpc.WithTransportCredentials(creds))
    if err != nil {
        panic(err)
    }

I see documentation for other languages: https://grpc.github.io/grpc/cpp/classgrpc_1_1_channel_arguments.html#a42313e3360b50c354c68572e7bf5bccb

sun1 sun1 · Accepted Answer · 2021-04-06T01:07:17

I had to set the serverNameOverride value as xxx.xxx.net in NewClientTLSFromFile function and that fixed the issue.

// Create the client TLS credentials
    creds, err := credentials.NewClientTLSFromFile("cert.pem", "xxx.xxx.net")
    if err != nil {
        panic(err)
    }

grpc/go how to set grpc.ssl_target_name_override in grpc.Dial

1 Answers