Endpoint.connect() with TLS fails with InvalidDNSNameError #239
Comments
@corhere thanks for writing this up! If I understand correctly you are suggesting that we use

@LucioFranco that is correct

@LucioFranco that fix works for me. Thank you very much for the quick response!
Bug Report
Version
tonic v0.1.0
tonic-build v0.1.0
Platform
Darwin x86_64
Crates
webpki v0.21.0
Description
Creating a channel by calling `connect()` on an `Endpoint` configured with a TLS config fails with the error unless the `domain_name` option on the `ClientTlsConfig` is set. Contrary to the docs, the `domain_name` option is used (and required) even when the `rustls_client_config` option is set on the config.

The inner `InvalidDNSNameError` comes from the webpki crate, returned at this line:

tonic/tonic/src/transport/service/tls.rs
Line 88 in 5fc6762

When the `ClientTlsConfig` builds a `TlsConnector`, the entire connection URI string is used as the domain name if the domain name has not been set on the config.

tonic/tonic/src/transport/channel/tls.rs
Lines 83 to 86 in 5fc6762

I would expect the `domain_name` option to actually be optional, and for connections to succeed in the common case when the host component of the connection URI matches the domain name for TLS SNI.
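
The behaviour the report asks for, as an added std-only example that is not part of the issue and is not tonic or webpki code: the TLS server name is taken from an explicit override if present, otherwise from the host component of the URI, and is validated before use. The function names, the sample URIs, and the simplified DNS-name syntax check (an approximation, not webpki's implementation) are assumptions made for illustration.

```rust
use std::net::IpAddr;

/// Simplified DNS-name syntax check (assumption: approximates what a TLS
/// library requires for SNI; this is not webpki's actual validation).
fn is_valid_dns_name(name: &str) -> bool {
    if name.is_empty() || name.len() > 253 || name.parse::<IpAddr>().is_ok() {
        return false; // IP literals cannot be sent as an SNI host name
    }
    name.split('.').all(|label| {
        !label.is_empty()
            && label.len() <= 63
            && !label.starts_with('-')
            && !label.ends_with('-')
            && label.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-')
    })
}

/// Extract the host component of an absolute URI such as
/// "https://example.com:50051/path" (hypothetical helper).
fn host_of(uri: &str) -> Option<&str> {
    let rest = uri.split_once("://")?.1;
    let authority = rest.split(|c: char| c == '/' || c == '?' || c == '#').next()?;
    let hostport = authority.rsplit_once('@').map_or(authority, |(_, h)| h);
    if hostport.starts_with('[') {
        return None; // bracketed IPv6 literal: not a DNS name
    }
    let host = hostport.rsplit_once(':').map_or(hostport, |(h, _)| h);
    if host.is_empty() { None } else { Some(host) }
}

/// Pick the TLS server name: explicit override first, else the URI host.
fn tls_server_name<'a>(uri: &'a str, domain_override: Option<&'a str>) -> Result<&'a str, String> {
    let candidate = match domain_override {
        Some(d) => d,
        None => host_of(uri).ok_or_else(|| format!("no host in {:?}", uri))?,
    };
    if is_valid_dns_name(candidate) {
        Ok(candidate)
    } else {
        Err(format!("invalid DNS name: {:?}", candidate))
    }
}

fn main() {
    let uri = "https://example.com:50051"; // constructed sample URI
    // Passing the whole URI string as the name is what fails validation.
    println!("whole URI is a valid DNS name: {}", is_valid_dns_name(uri));
    println!("derived server name: {:?}", tls_server_name(uri, None));
}
```

When the endpoint is addressed by IP, no server name can be derived from the URI, so the override is still needed to state which name the certificate must match.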