Can't use SSL with gRPC service invocation through Dapr


I'm using Dapr v1.10.0 to do gRPC service invocation between services. The calls are failing with:

info: System.Net.Http.HttpClient.ManagerServiceClient.LogicalHandler[100]
      Start processing HTTP request POST https://localhost:64904/ManagerService/GetManagerInfo
info: System.Net.Http.HttpClient.ManagerServiceClient.ClientHandler[100]
      Sending HTTP request POST https://localhost:64904/ManagerService/GetManagerInfo
fail: Grpc.Net.Client.Internal.GrpcCall[6]
      Error starting gRPC call.
      System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
       ---> System.Security.Authentication.AuthenticationException: Cannot determine the frame size or a corrupted frame was received.

The call does not generate any log messages in the sidecar log.

If I bypass Dapr by changing the port in the URI from the value found in the DAPR_GRPC_PORT environment variable to the port exposed by my service, the gRPC calls work fine.

I believe that the only certificates installed are the ones installed by:

dotnet dev-certs https --clean
dotnet dev-certs https --trust

I tried enabling mTLS by following the instructions found in:

https://docs.dapr.io/operations/security/mtls/

but that resulted in errors in the sidecars:

time="2023-02-21T09:57:23.5657516-05:00" level=debug msg="error connecting to placement service: rpc error: code = Unavailable desc = last connection error: connection error: desc = \"transport: authentication handshake failed: tls: first record does not look like a TLS handshake\"" app_id=manager instance=Attic scope=dapr.runtime.actor.internal.placement type=log ver=1.10.0
time="2023-02-21T09:57:24.0698186-05:00" level=debug msg="try to connect to placement service: dns:///localhost:6050" app_id=manager instance=Attic scope=dapr.runtime.actor.internal.placement type=log ver=1.10.0

This is a development environment. I have been using Project Tye but I have also tried manually starting Dapr and my services to try to eliminate Tye as the source of the problem.

My questions are:

  • Should Dapr be able to use the dotnet dev certs?
  • Do I need mTLS enabled to use https with gRPC calls?
  • Why can a direct service-to-service call establish an SSL connection but a call to the sidecar cannot?

There are 0 answers