Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Grpc Health Check: tls_skip_verify value is ignored #19110

Closed
MaheshBGajera opened this issue Oct 7, 2023 · 1 comment
Closed

Grpc Health Check: tls_skip_verify value is ignored #19110

MaheshBGajera opened this issue Oct 7, 2023 · 1 comment

Comments

@MaheshBGajera
Copy link

Overview of the Issue

I am registering a grpc service on consul with grpc health check. My service runs on self signed tls certificate and hence I want health check to skip cert verification and as documented, I used tls_skip_verify=true in this registration request but it has no effect, health check keeps on failing with error 'certificate signed by unknown authority'.

I am using latest version of consul.

here is the sample json payload which I use to register service to consul.
{ 'id': 'test', 'name': 'test', 'address': 'host ip here', 'port': 6666, 'check': { 'name': 'xyz-check', 'grpc': '127.0.0.1:6666', 'grpc_use_tls': true, 'tls_skip_verify': true, 'interval': '10s' }, 'enable_tag_override': false, 'meta': { 'maxCapacity': 10, 'availableCapacity': 10, 'usesTls': true' }, 'tags': [ 'test' ] }

Reproduction Steps

Use latest version of consul and register check for a grpc secure service where in service is running on self signed certificate. use skip_cert_verify=true to skip cert verification but it will be ignored.

Consul info for both Client and Server

Client info 
agent:
        check_monitors = 0
        check_ttls = 0
        checks = 1
        services = 1
build:
        prerelease = 
        revision = 68f81912
        version = 1.16.2
        version_metadata = 
consul:
        acl = disabled
        known_servers = 1
        server = false
runtime:
        arch = amd64
        cpu_count = 16
        goroutines = 49
        max_procs = 16
        os = linux
        version = go1.20.8
serf_lan:
        coordinate_resets = 0
        encrypted = false
        event_queue = 0
        event_time = 8
        failed = 0
        health_score = 0
        intent_queue = 0
        left = 0
        member_time = 5069
        members = 5
        query_queue = 0
        query_time = 4

{
    "client_addr": "0.0.0.0",
    "data_dir": "/opt/consul",
    "datacenter":"test",
    "enable_script_checks": false,
    "log_level": "INFO",
    "retry_join": [ "test-server01.test.some.com" ],
    "server": false
}

Operating system and Environment details

Linux #50~20.04.1-Ubuntu SMP x86_64 x86_64 x86_64 GNU/Linux
@MaheshBGajera
Copy link
Author

Please Ignore.

Issue is with Nodejs lib we use.

@MaheshBGajera MaheshBGajera closed this as not planned Won't fix, can't repro, duplicate, stale Oct 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MaheshBGajera