1

I'm currently researching and trying to implement hashing/salting of password in my Golang server. Thanks to this answer, I learned about the stuff I needed. I already got the hashing and salting part, then I researched about TLS. I almost used the regular Golang way of doing things but I was also using gRPC so I looked for how to add TLS for that, and it was quite simple. I added the codes mentioned on the official documentation, but somehow that doesn't work.

To generate the .cert and .key, I followed this tutorial. Then this is what my code looks like.

//Server

certFile, certFileErr := os.ReadFile("server.crt")

if certFileErr != nil {
    log.Fatalf("Failed to read cert file: %v", certFileErr)
}

keyFile, keyFileErr := os.ReadFile("server.key")

if keyFileErr != nil {
    log.Fatalf("Failed to read key file: %v", keyFileErr)
}

creds, _ := credentials.NewServerTLSFromFile(string(certFile), string(keyFile))
mServ := grpc.NewServer(grpc.Creds(creds))

lis, err := net.Listen("tcp", "localhost:50051")

//Client

certFile, certFileErr := os.ReadFile("server.crt")

if certFileErr != nil {
    log.Fatalf("Failed to read cert file: %v", certFileErr)
}

creds, _ := credentials.NewClientTLSFromFile(string(certFile), "")
conn, err := grpc.Dial("localhost:50051", grpc.WithTransportCredentials(creds))

if err != nil {
    log.Fatalf("did not connect: %v", err)
}

I'm not quite sure how to pass a reference of the files to gRPC, so I thought I'd just do a regular file read. With all those stuff, when I a run the server side, it works fine. But when I run the client side, I get this error.

grpc: no transport security set (use grpc.WithTransportCredentials(insecure.NewCredentials()) explicitly or set credentials)

The error is quite confusing. I already want to not use security, but it's complaining that I'm downgrading. It's my first time doing this stuff, so I have no idea what's the regular process to implement security on a login.

Update:

After logging the error, it seems like my code can't find the .cert file. Which is weird because the path I used was already auto suggested by my IDE itself.

rminaj
  • 560
  • 6
  • 28
  • `creds, _ := credentials.NewClientTLSFromFile`, please do not ignore errors. Check and log the error. And this func accepts a parameter as the path to the CA cert. See the [doc](https://pkg.go.dev/google.golang.org/grpc/credentials#NewClientTLSFromFile). You should pass the path to the CA which is used to sign `server.crt` here. – Zeke Lu May 19 '23 at 08:06

1 Answers1

0

Ok, so this seems like quite a simple issue. I was using go run when running my code, which seems to make the .exe file be placed in a different directory as mentioned in this answer, so my code won't be able to find the certification files. Doing a go build fixed my issue.

rminaj
  • 560
  • 6
  • 28