
Conditionally use WebPKI trust anchors to validate certs #44

Open. Wants to merge 1 commit into base: master

Conversation

litch (Contributor) commented Apr 9, 2024

This (finally) addresses #1 (and #24).

The interface of it is perhaps not ideal, but this is the actual logic that we need. Optionally we could set a more explicit config value instead of passing a non-path. I'd love feedback on that front.

The change is pretty trivial but it wound up being kind of a pain chasing through the relevant versions of (very old) rustls/webpki_roots to decide which versions will work elegantly together.

grunch (Contributor) commented Jul 9, 2024

How can I test this one? I'm running this:

```rust
#[tokio::main]
async fn main() {
    let address = "https://mynode.m.gcp.voltageapp.io";
    // Empty path: no local tls.cert, so validation should fall back to WebPKI roots
    let cert_file = "";
    // let cert_file = "/path/to/tls.cert";
    let macaroon_file = "/path/to/admin.macaroon";

    // Connecting to LND requires only address, cert file, and macaroon file
    let mut client = tonic_lnd::connect(address, cert_file, macaroon_file)
        .await
        .expect("failed to connect");

    let info = client
        .lightning()
        // All calls require at least empty parameter
        .get_info(tonic_lnd::lnrpc::GetInfoRequest {})
        .await
        .expect("failed to get info");

    // We only print it here, note that in real-life code you may want to call `.into_inner()` on
    // the response to get the message.
    println!("{:#?}", info);
}
```

But I'm getting this response:

```text
thread 'main' panicked at src/main.rs:18:10:
failed to connect: ConnectError { internal: ReadFile { file: "", error: Os { code: 2, kind: NotFound, message: "No such file or directory" } } }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```

litch (Contributor, Author) commented Jul 9, 2024

Do you have a file at "/path/to/admin.macaroon"?

grunch (Contributor) commented Jul 11, 2024

> Do you have a file at "/path/to/admin.macaroon"?

yes

grunch (Contributor) commented Jul 11, 2024

I think that `No such file or directory` message is related to the tls.cert file, because if I replace it with `let cert_file = "/path/to/.polar/networks/2/volumes/lnd/alice/tls.cert";`

I get this error

```text
failed to connect: ConnectError { internal: Connect { address: "https://mynode.m.gcp.voltageapp.io", error: tonic::transport::Error(Transport, hyper::Error(Connect, Custom { kind: InvalidData, error: General("Mismatched number of certificates (Expected: 1, Presented: 2)") })) } }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```
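An added example (not code from this PR or from tonic_lnd) of the selection rule the PR describes: an empty cert path means "validate against the public WebPKI roots", while any other path must be a readable PEM file, so a missing file fails with NotFound as in the first error above instead of being silently ignored. It uses only the standard library and models the decision plus PEM block counting rather than building the rustls client config; `TrustSource`, `select_trust_source` and `pem_blocks` are names chosen here, and the PEM data in the test is constructed.

```rust
use std::fs;
use std::io;
use std::path::Path;

/// Where the TLS client takes its trust anchors from.
#[derive(Debug, PartialEq)]
pub enum TrustSource {
    /// Public WebPKI roots (the webpki-roots bundle): for hosted nodes with CA-issued certs.
    WebPkiRoots,
    /// Operator-supplied PEM certificate(s), e.g. LND's tls.cert; one String per PEM block.
    Pinned { certs: Vec<String> },
}

/// Apply the PR's rule: an empty path means "use WebPKI roots"; any other path must be a
/// readable file holding at least one CERTIFICATE block. Errors are io::Error so a missing
/// file surfaces as ErrorKind::NotFound (the "No such file or directory" seen in the thread).
pub fn select_trust_source(cert_file: &str) -> io::Result<TrustSource> {
    if cert_file.is_empty() {
        return Ok(TrustSource::WebPkiRoots);
    }
    let pem = fs::read_to_string(Path::new(cert_file))?;
    let certs = pem_blocks(&pem);
    if certs.is_empty() {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "no CERTIFICATE block in file"));
    }
    Ok(TrustSource::Pinned { certs })
}

/// Split PEM text into its CERTIFICATE blocks (markers included). A trailing block without
/// an END marker is truncated data and is dropped rather than pinned.
pub fn pem_blocks(pem: &str) -> Vec<String> {
    const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
    const END: &str = "-----END CERTIFICATE-----";
    let mut out = Vec::new();
    let mut rest = pem;
    while let Some(start) = rest.find(BEGIN) {
        let block = &rest[start..];
        let end = match block.find(END) { Some(e) => e, None => break };
        out.push(block[..end + END.len()].to_string());
        rest = &block[end + END.len()..];
    }
    out
}

fn main() {
    // Empty path: the convention this PR uses for "validate against public WebPKI roots".
    println!("{:?}", select_trust_source(""));
    // A path that does not exist fails with NotFound instead of being silently ignored.
    println!("{:?}", select_trust_source("/path/to/tls.cert"));
}
```

The number of blocks in `Pinned.certs` also tells the caller whether a local tls.cert holds a single certificate or a chain, which is worth checking before pinning it against a server that presents more than one certificate.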
