Grpc ssl 服务器崩溃 - C++
Grpc ssl server crashes - C++
我有一个 Grpc 服务器,用 C++ 编写,在不安全的连接下工作得很好。
现在我正在尝试将连接更改为使用安全连接,因此我将凭据从 grpc::InsecureServerCredentials() 更改为 grpc::SslServerCredentials (opts),但服务器因分段错误而崩溃。
这是我的代码(我使用了与 grpc 示例完全相同的代码):
grpc::ServerBuilder builder;
grpc::SslServerCredentialsOptions ssl_opts;
ssl_opts.pem_root_certs = "";
grpc::SslServerCredentialsOptions::PemKeyCertPair pkcp = {server_key, server_cert};
ssl_opts.pem_key_cert_pairs.push_back(pkcp);
auto server_creds = SslServerCredentials(ssl_opts);
// builder.AddListeningPort(server_address, grpc::InsecureServerCredentials());
builder.AddListeningPort("localhost:5000", server_creds);
ServiceListerImpl service;
builder.RegisterService(&service);
builder.RegisterService("foo.test.youtube.com", &service);
auto server = builder.BuildAndStart();
我检查了server_key、server_cert,它们都是有效的。
错误堆栈跟踪:
stacktrace:
0x1d6265a SSL_CTX_new :0
0x1bfc98c tsi_create_ssl_server_handshaker_factory_with_options(tsi_ssl_server_handshaker_options const*, tsi_ssl_server_handshaker_factory**) :0
0x1bb828a (anonymous namespace)::grpc_ssl_server_security_connector::InitializeHandshakerFactory() :0
0x1bb8ab5 grpc_ssl_server_security_connector_create(grpc_core::RefCountedPtr<grpc_server_credentials>) :0
0x1bb26ac grpc_ssl_server_credentials::create_security_connector() :0
0x1b6c8bb grpc_server_add_secure_http2_port :0
0x1a24bf0 grpc_impl::SecureServerCredentials::AddPortToServer(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, grpc_server*) :0
0x1a3c207 grpc_impl::Server::AddListeningPort(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, grpc_impl::ServerCredentials*) :0
0x1a2b0fb grpc_impl::ServerBuilder::BuildAndStart() :0
尝试使用 valgrind 获取更多信息:
==26834== Conditional jump or move depends on uninitialised value(s)
==26834== at 0x1FBCA18: init_openssl() (in /home/ofir)
==26834== by 0xCF0C47E: __pthread_once_slow (pthread_once.c:116)
==26834== by 0x227592A: gpr_once_init (in /home/ofir)
==26834== by 0x1FC1089: tsi_create_ssl_server_handshaker_factory_with_options(tsi_ssl_server_handshaker_options const*, tsi_ssl_server_handshaker_factory**) (in /home/ofir)
==26834== by 0x1F7CAF9: (anonymous namespace)::grpc_ssl_server_security_connector::InitializeHandshakerFactory() (in /home/ofir)
==26834== by 0x1F7D324: grpc_ssl_server_security_connector_create(grpc_core::RefCountedPtr<grpc_server_credentials>) (in /home/ofir)
==26834== by 0x1F76F1B: grpc_ssl_server_credentials::create_security_connector() (in /home/ofir)
==26834== by 0x1F3113C: grpc_server_add_secure_http2_port (in /home/ofir)
==26834== by 0x1DEA56D: grpc_impl::SecureServerCredentials::AddPortToServer(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, grpc_server*) (in /home/ofir)
==26834== by 0x1E01B26: grpc_impl::Server::AddListeningPort(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, grpc_impl::ServerCredentials*) (in /home/ofir)
==26834== by 0x1DF0A78: grpc_impl::ServerBuilder::BuildAndStart() (in /home/ofir)
我是 运行 grpc 版本 1.30.0 ubuntu 20
我在这里发现了完全相同的问题,但没有评论:https://github.com/grpc/grpc/issues/8796
当 gRPC 客户端在 SSL_CTX_new 崩溃时,我遇到了类似的问题。事实证明,这是由于在构建 gRPC 时错误链接的 openssl 造成的。我用 -DgRPC_SSL_PROVIDER=package 重建了 gRPC,它解决了问题。
我有一个 Grpc 服务器,用 C++ 编写,在不安全的连接下工作得很好。
现在我正在尝试将连接更改为使用安全连接,因此我将凭据从 grpc::InsecureServerCredentials() 更改为 grpc::SslServerCredentials (opts),但服务器因分段错误而崩溃。
这是我的代码(我使用了与 grpc 示例完全相同的代码):
grpc::ServerBuilder builder;
grpc::SslServerCredentialsOptions ssl_opts;
ssl_opts.pem_root_certs = "";
grpc::SslServerCredentialsOptions::PemKeyCertPair pkcp = {server_key, server_cert};
ssl_opts.pem_key_cert_pairs.push_back(pkcp);
auto server_creds = SslServerCredentials(ssl_opts);
// builder.AddListeningPort(server_address, grpc::InsecureServerCredentials());
builder.AddListeningPort("localhost:5000", server_creds);
ServiceListerImpl service;
builder.RegisterService(&service);
builder.RegisterService("foo.test.youtube.com", &service);
auto server = builder.BuildAndStart();
我检查了server_key、server_cert,它们都是有效的。
错误堆栈跟踪:
stacktrace:
0x1d6265a SSL_CTX_new :0
0x1bfc98c tsi_create_ssl_server_handshaker_factory_with_options(tsi_ssl_server_handshaker_options const*, tsi_ssl_server_handshaker_factory**) :0
0x1bb828a (anonymous namespace)::grpc_ssl_server_security_connector::InitializeHandshakerFactory() :0
0x1bb8ab5 grpc_ssl_server_security_connector_create(grpc_core::RefCountedPtr<grpc_server_credentials>) :0
0x1bb26ac grpc_ssl_server_credentials::create_security_connector() :0
0x1b6c8bb grpc_server_add_secure_http2_port :0
0x1a24bf0 grpc_impl::SecureServerCredentials::AddPortToServer(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, grpc_server*) :0
0x1a3c207 grpc_impl::Server::AddListeningPort(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, grpc_impl::ServerCredentials*) :0
0x1a2b0fb grpc_impl::ServerBuilder::BuildAndStart() :0
尝试使用 valgrind 获取更多信息:
==26834== Conditional jump or move depends on uninitialised value(s)
==26834== at 0x1FBCA18: init_openssl() (in /home/ofir)
==26834== by 0xCF0C47E: __pthread_once_slow (pthread_once.c:116)
==26834== by 0x227592A: gpr_once_init (in /home/ofir)
==26834== by 0x1FC1089: tsi_create_ssl_server_handshaker_factory_with_options(tsi_ssl_server_handshaker_options const*, tsi_ssl_server_handshaker_factory**) (in /home/ofir)
==26834== by 0x1F7CAF9: (anonymous namespace)::grpc_ssl_server_security_connector::InitializeHandshakerFactory() (in /home/ofir)
==26834== by 0x1F7D324: grpc_ssl_server_security_connector_create(grpc_core::RefCountedPtr<grpc_server_credentials>) (in /home/ofir)
==26834== by 0x1F76F1B: grpc_ssl_server_credentials::create_security_connector() (in /home/ofir)
==26834== by 0x1F3113C: grpc_server_add_secure_http2_port (in /home/ofir)
==26834== by 0x1DEA56D: grpc_impl::SecureServerCredentials::AddPortToServer(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, grpc_server*) (in /home/ofir)
==26834== by 0x1E01B26: grpc_impl::Server::AddListeningPort(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, grpc_impl::ServerCredentials*) (in /home/ofir)
==26834== by 0x1DF0A78: grpc_impl::ServerBuilder::BuildAndStart() (in /home/ofir)
我是 运行 grpc 版本 1.30.0 ubuntu 20
我在这里发现了完全相同的问题,但没有评论:https://github.com/grpc/grpc/issues/8796
当 gRPC 客户端在 SSL_CTX_new 崩溃时,我遇到了类似的问题。事实证明,这是由于在构建 gRPC 时错误链接的 openssl 造成的。我用 -DgRPC_SSL_PROVIDER=package 重建了 gRPC,它解决了问题。