Client, how to ignore self signed SSL (skip-verify) ? #160

jkristia · 2022-07-20T14:20:11Z

jkristia
Jul 20, 2022

I'm not able to connect to a device that is using self signed certificate.
When using gnmic I add --skip-verify. How can I set this when using createSsl() ?

const channel = createChannel(`${host}:${port}`, ChannelCredentials.createSsl());

I tried this, but checkServerIdentity is not being called

    const channel = createChannel(`${host}:${port}`, ChannelCredentials.createSsl(null, null, null, {
            checkServerIdentity: (hostname: string, cert: PeerCertificate) => {
                return undefined;
            }
        })
    );

This is the error in subchannel.js

Error: self signed certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1532:34)
    at TLSSocket.emit (node:events:527:28)
    at TLSSocket._finishInit (node:_tls_wrap:946:8)
    at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:727:12)
    at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17) {code: 'DEPTH_ZERO_SELF_SIGNED_CERT', stack: 'Error: self signed certificate
    at TLSSock…Trampoline (node:internal/async_hooks:130:17)', message: 'self signed certificate'}

Answered by aikoven

Jul 28, 2022

I found one way to do it by overriding ConnectionOptions in ChannelCredentials to add rejectUnauthorized: false:

import {CallCredentials} from '@grpc/grpc-js';
import {ChannelCredentials, createChannel} from 'nice-grpc';
import {ConnectionOptions} from 'tls';

class InsecureSSLChannelCredentials extends ChannelCredentials {
  constructor(
    private parent: ChannelCredentials = ChannelCredentials.createSsl(),
  ) {
    super();
  }

  _getConnectionOptions(): ConnectionOptions | null {
    return {
      ...this.parent._getConnectionOptions(),
      rejectUnauthorized: false,
    };
  }
  compose(callCredentials: CallCredentials): ChannelCredentials {
    return new InsecureSSLChannelCre…

View full answer

aikoven · 2022-07-28T06:47:55Z

aikoven
Jul 28, 2022
Maintainer

I found one way to do it by overriding ConnectionOptions in ChannelCredentials to add rejectUnauthorized: false:

import {CallCredentials} from '@grpc/grpc-js';
import {ChannelCredentials, createChannel} from 'nice-grpc';
import {ConnectionOptions} from 'tls';

class InsecureSSLChannelCredentials extends ChannelCredentials {
  constructor(
    private parent: ChannelCredentials = ChannelCredentials.createSsl(),
  ) {
    super();
  }

  _getConnectionOptions(): ConnectionOptions | null {
    return {
      ...this.parent._getConnectionOptions(),
      rejectUnauthorized: false,
    };
  }
  compose(callCredentials: CallCredentials): ChannelCredentials {
    return new InsecureSSLChannelCredentials(
      this.parent.compose(callCredentials),
    );
  }
  _isSecure(): boolean {
    return this.parent._isSecure();
  }
  _equals(other: ChannelCredentials): boolean {
    return (
      other instanceof InsecureSSLChannelCredentials &&
      other.parent._equals(this.parent)
    );
  }
}

const channel = createChannel(
  `${host}:${port}`,
  new InsecureSSLChannelCredentials(),
);

1 reply

jkristia Jul 28, 2022
Author

super, that works.
Thank you very much for your help

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Client, how to ignore self signed SSL (skip-verify) ? #160

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

Client, how to ignore self signed SSL (skip-verify) ? #160

jkristia Jul 20, 2022

Replies: 1 comment · 1 reply

aikoven Jul 28, 2022 Maintainer

jkristia Jul 28, 2022 Author

jkristia
Jul 20, 2022

Replies: 1 comment 1 reply

aikoven
Jul 28, 2022
Maintainer

jkristia Jul 28, 2022
Author