Posted to notifications@skywalking.apache.org by GitBox <gi...@apache.org> on 2020/08/29 09:22:01 UTC

[GitHub] [skywalking] francis177 commented on issue #5349: plugin GRPC not support TLS

francis177 commented on issue #5349:
URL: https://github.com/apache/skywalking/issues/5349#issuecomment-683263710


   > After some debugging, I found the cause of the bug.
   > The Jetcd Client builder will use `ClientConnectionManager` to build `ManagedChannel` with `SmartNameResolverFactory`.
   > When the authority has not been set, SmartNameResolverFactory will be initialized with an empty string authority.
   > 
   > ```java
   > // io.etcd.jetcd.ClientConnectionManager
   >         channelBuilder.nameResolverFactory(
   >             forEndpoints(
   >                 Util.supplyIfNull(builder.authority(), () -> ""),
   >                 builder.endpoints(),
   >                 Util.supplyIfNull(builder.uriResolverLoader(),
   >                     URIResolverLoader::defaultLoader)));
   > ```
   > 
   > >> @beiwangnull
   > You can set the value of authority explicitly to avoid the bug for now.
   > 
   > ```kotlin
   >             val client = Client.builder()
   >             .sslContext(context)
   >             .endpoints("http://server-host:2712")
   >             .authority("etcd") // Must be a SAN in server cert if <server-host> is not in cert
   >             .build()
   > ```
   > 
   > Reference: [etcd-io/jetcd#55](https://github.com/etcd-io/jetcd/issues/55), [etcd-io/jetcd#652](https://github.com/etcd-io/jetcd/issues/652), [grpc/grpc-java#2662](https://github.com/grpc/grpc-java/pull/2662)
   > 
   > >> @wu-sheng
   > We need to discuss what we do if we can't get the authority from `ManagedChannel`; the name resolver could override the original value of authority.
   
   When using jetcd to connect to an etcd cluster via mTLS, the server cert will contain more than one domain, aka. etcd-1.com, etcd-2.com, etcd-3.com. Because `.authority()` accepts a single string. Separately, etcd-1.com or etcd-2.com or etcd-3.com as authority is all fine. How can I set all these three domains into the jetcd client's authority? Thanks
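
The check behind the quoted advice that the authority "must be a SAN in server cert", as an added example that is not part of the original thread or of the jetcd or grpc-java code: a simplified RFC 6125-style comparison of one authority string against a certificate's dNSName entries. The function names are hypothetical and the SAN lists are constructed sample data.

```python
# Added illustration: simplified DNS-ID matching in the style of RFC 6125.
# Function names are hypothetical; hostnames and SAN lists are constructed samples.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_matches(authority, san):
    """True if a single dNSName SAN entry covers the authority."""
    if not authority or not san:
        return False  # an empty authority can never match a SAN entry
    host, pattern = _labels(authority), _labels(san)
    if len(host) != len(pattern):
        return False  # a wildcard stands in for exactly one label
    if pattern[0] == "*":
        # Wildcard accepted only as the whole left-most label of a
        # multi-label name, and only for a non-empty host label.
        return len(pattern) > 1 and host[0] != "" and host[1:] == pattern[1:]
    return host == pattern


def verify_authority(authority, cert_sans):
    """Return the SAN entries that accept this authority (empty list = rejected)."""
    return [san for san in cert_sans if san_matches(authority, san)]


# Constructed SAN list for a three-node cluster certificate
CLUSTER_SANS = ["etcd-1.com", "etcd-2.com", "etcd-3.com"]

if __name__ == "__main__":
    for authority in ["", "etcd-1.com", "etcd-3.com", "etcd", "server-host"]:
        hits = verify_authority(authority, CLUSTER_SANS)
        verdict = "ok via " + hits[0] if hits else "hostname check fails"
        print(f"{authority!r:14} -> {verdict}")
```

The empty-string authority from the quoted `ClientConnectionManager` snippet matches no entry, while any one name that appears in the certificate's SAN list passes on its own.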

