grpc: Cannot check peer: missing selected ALPN property in Grpc Core client
What version of gRPC and what language are you using?
Grpc Core 2.41.0
What operating system (Linux, Windows,…) and version?
Windows 10
What runtime / compiler are you using (e.g. python version or version of gcc)
netcoreapp3.1
What did you do?
See description in https://github.com/googleapis/google-cloud-dotnet/issues/8315 for what I ran. I ran a version of this in a simplified console application. I’m working behind a company VPN Zscaler and I have setup the environment variable GRPC_DEFAULT_SSL_ROOTS_FILE_PATH as was suggested in the above issue.
What did you expect to see?
I expected to retrieve the secrets
What did you see instead?
I got the exception described in https://github.com/googleapis/google-cloud-dotnet/issues/8315. Then I setup the debug variables as recommended:
GRPC_TRACE=all
GRPC_VERBOSITY=DEBUG
I re-ran the application and got the following output
I0406 11:52:40.189461 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS 1.3 client read_hello_retr - !!!!!!
I0406 11:52:40.189570 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS 1.3 client read_server_hel - !!!!!!
I0406 11:52:40.189833 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS 1.3 client read_encrypted_ - !!!!!!
I0406 11:52:40.189903 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS 1.3 client read_certificat - !!!!!!
I0406 11:52:40.190047 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS 1.3 client read_server_cer - !!!!!!
I0406 11:52:40.190361 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS 1.3 client read_server_cer - !!!!!!
I0406 11:52:40.190751 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS 1.3 client read_server_fin - !!!!!!
I0406 11:52:40.190854 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS 1.3 client send_end_of_ear - !!!!!!
I0406 11:52:40.190995 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS 1.3 client send_client_enc - !!!!!!
I0406 11:52:40.191134 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS 1.3 client send_client_cer - !!!!!!
I0406 11:52:40.191281 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS 1.3 client complete_second - !!!!!!
I0406 11:52:40.191448 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS 1.3 client done - !!!!!!
I0406 11:52:40.191846 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS client finish_client_hands - !!!!!!
I0406 11:52:40.193175 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: LOOP - TLS client done - !!!!!!
I0406 11:52:40.193332 0 ..\..\..\src\core\tsi\ssl_transport_security.cc:223: HANDSHAKE DONE - TLS client done - !!!!!!
I0406 11:52:40.193552 0 ..\..\..\src\core\lib\iomgr\tcp_windows.cc:363: WRITE
000002374C08AE60 (peer=ipv4:XXXXX): XXXXX
D0406 11:52:40.194096 0 ..\..\..\src\core\lib\security\transport\security_handshaker.cc:184: Security handshake failed: {"created":"@1649242360.194000000","description":"Cannot check peer: missing selected ALPN property.","file":"..\..\..\src\core\lib\security\security_connector\ssl_utils.cc","file_line":162}
I0406 11:52:40.194405 0 ..\..\..\src\core\lib\channel\handshaker.cc:89: handshake_manager 000002374C0841E0: error={"created":"@1649242360.194000000","description":"Cannot check peer: missing selected ALPN property.","file":"..\..\..\src\core\lib\security\security_connector\ssl_utils.cc","file_line":162} shutd
own=0 index=2, args={endpoint=(nil), args=(nil) {size=0: }, read_buffer=(nil) (length=0), exit_early=0}
I0406 11:52:40.194771 0 ..\..\..\src\core\lib\channel\handshaker.cc:122: handshake_manager 000002374C0841E0: handshaking complete -- scheduling on_handshake_done with error={"created":"@1649242360.194000000","description":"Cannot check peer: missing selected ALPN property.","file":"..\..\..\src\core\lib\secur
ity\security_connector\ssl_utils.cc","file_line":162}
I0406 11:52:40.195076 0 ..\..\..\src\core\lib\iomgr\timer_generic.cc:450: TIMER 000002374C084248: CANCEL pending=true
I0406 11:52:40.195417 0 ..\..\..\src\core\lib\iomgr\resource_quota.cc:840: RU '142.251.39.106:443' (000002374C0EAE80) unreffing: 1 -> 0
I0406 11:52:40.195588 0 ..\..\..\src\core\ext\filters\client_channel\subchannel.cc:1012: Connect failed: {"created":"@1649242360.194000000","description":"Cannot check peer: missing selected ALPN property.","file":"..\..\..\src\core\lib\security\security_connector\ssl_utils.cc","file_line":162}
I0406 11:52:40.195955 0 ..\..\..\src\core\ext\filters\client_channel\client_channel.cc:626: chand=000002374C083CF0: connectivity change for subchannel wrapper 000002374C1F1AE0 subchannel 000002374C12FC50; hopping into work_serializer
I0406 11:52:40.196144 0 ..\..\..\src\core\ext\filters\client_channel\client_channel.cc:661: chand=000002374C083CF0: processing connectivity change in work serializer for subchannel wrapper 000002374C1F1AE0 subchannel 000002374C12FC50 watcher=000002374C6DFE10
I0406 11:52:40.196322 0 T:\src\github\grpc\workspace_csharp_ext_windows_x64\src/core/ext/filters/client_channel/lb_policy/subchannel_list.h:243: [pick_first 000002374C085720] subchannel list 000002374C1F6E90 index 0 of 2 (subchannel 000002374C1F1AE0): connectivity changed: state=TRANSIENT_FAILURE, shutting_do
Make sure you include information that can help us debug (full error message, exception listing, stack trace, logs).
See TROUBLESHOOTING.md for how to diagnose problems better.
Anything else we should know about your project / environment?
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 31 (14 by maintainers)
@ZhenLian can you please provide some insight on what could be wrong when the “ssl_alpn_selected_protocol” property is missing after a handshake?
Cannot check peer: missing selected ALPN property.","file":"..\..\..\src\core\lib\security\security_connector\ssl_utils.cc","file_line":162}. Could it be that the custom roots.pem is misconfigured? It may be that the error produced just isn’t helpful enough to identify the rootcause.