Hello,
I'm porting my gRPC client from the Netty channel to OkHTTP so I can use it on Android. This client is connecting to a gRPC server over TLS, but the server is on a private network and uses a self-signed certificate. In Netty, I can do the following have the host name verification disabled:
GrpcSslContexts.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build()
That'll give me an SSL context that I can pass to NettyChannelBuilder.forAddress(...).useTransportSecurity()..sslContext(insecureTlsContext). How can I do something like this with the OkHTTP channel?
I've managed to get something to work by cheating and using Netty's InsecureTrustManagerFactory.INSTANCE, but it doesn't make sense to have the Netty channel as a dependency just for this. Also, I read on SECURITY.md that it's a bad idea to have both.
This client is connecting to a gRPC server over TLS, but the server is on a private network and uses a self-signed certificate.
You can use ManagedChannelBuilder#overrideAuthority for self-signed certificate. Bypassing hostname verification completely makes TLS provide no value and you should just use plaintext.
You can also see a complete example of configuring a test cert in our Android interop client here
Thank you both for the pointers! :+1: