grpc-go: grpc.Dial does not return an error on bad certificates

When using mutual-TLS with mismatched certificates, calling grpc.Dial(..., grpc.WithBlock()) never returns. The client connection is happily banging its head against bad certificate errors and never reports an error to the caller.

Worse, it seems that WithBlock() is extremely unreliable. It blocks until the connection is connected, but rarely returns a non-nil error to the caller in the error case (connection refused is one case where it does the right thing).

About this issue

  • State: closed
  • Created 8 years ago
  • Comments: 25 (22 by maintainers)

Most upvoted comments

There are some cases (like ours) where there is no load balancer in the picture. There should be some way of treating this error as non transient, even if it’s not the default behaviour.

On Thu, Mar 31, 2016 at 10:03 PM, Qi Zhao notifications@github.com wrote:

> I can imagine that in some cases the name resolver or load balancer may direct you to another server which can accept the cert. I am still debating with myself whether I should introduce some more tweaks into the connection errors.

— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub https://github.com/grpc/grpc-go/issues/622#issuecomment-204207188

It’s not true that the problem is typically on the server. If the server rejects the client’s certificate, it is almost certainly true that the client is at fault, and the RPC will never succeed.

On Jul 18, 2016 14:36, “Qi Zhao” notifications@github.com wrote:

> @tamird I think typically this kind of error is on the server side and there is some chance of a newly started server fixing the problem. Technically, a non-fail-fast rpc never fails with a single connection error regardless of whether it is fatal or not.

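An added example, not code from this issue or from grpc-go: a pre-flight check that runs one time-bounded TLS handshake with the client's tls.Config and reports whether the failure is a certificate verification error, so a caller can stop before passing the same config to a blocking grpc.Dial. It uses only the Go standard library; `probeTLS`, `isCertError` and `demo` are hypothetical names, the local test server and trust stores are constructed for the demonstration, and only the case where the client fails to verify the server's certificate is covered.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"net/http/httptest"
	"time"
)

// probeTLS performs a single TLS handshake against addr with cfg, bounded by
// timeout, and returns the dial or handshake error (nil on success).
func probeTLS(addr string, cfg *tls.Config, timeout time.Duration) error {
	d := &net.Dialer{Timeout: timeout}
	conn, err := tls.DialWithDialer(d, "tcp", addr, cfg)
	if err != nil {
		return err
	}
	return conn.Close()
}

// isCertError reports whether err is a certificate verification failure,
// which retrying against the same peer with the same config will not fix.
func isCertError(err error) bool {
	var ua x509.UnknownAuthorityError
	var hn x509.HostnameError
	var inv x509.CertificateInvalidError
	return errors.As(err, &ua) || errors.As(err, &hn) || errors.As(err, &inv)
}

// demo probes a constructed local TLS server twice: with a trust store that
// lacks its certificate (mismatched) and with one that contains it (matched).
func demo() (mismatched, matched error) {
	srv := httptest.NewTLSServer(nil) // constructed server with a self-signed cert
	defer srv.Close()
	addr := srv.Listener.Addr().String()
	wrong := &tls.Config{RootCAs: x509.NewCertPool()} // empty pool: nothing trusted
	right := &tls.Config{RootCAs: x509.NewCertPool()}
	right.RootCAs.AddCert(srv.Certificate())
	return probeTLS(addr, wrong, 2*time.Second), probeTLS(addr, right, 2*time.Second)
}

func main() {
	bad, good := demo()
	fmt.Println("mismatched:", bad, "| certificate error:", isCertError(bad))
	fmt.Println("matched:", good)
}
```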