Cannot create an SSL connection using secure authenticated channel

[atulfj]

I am trying to write an application using the current Certifier API. I was able to perform cold_init() and also solve an earlier error with certify_me() by generating new provisioned files. However, I have encountered another error during the initiation of an SSL connection. Following are the error messages:

From server side:
server_channel_accept_and_auth() error, line 3395, Can't SSL_accept connection, res=-1 Accept error(a00041b, 1051): SSL routines SSL_ERROR_ZERO_RETURN: zero return error

From client side:
init_client_ssl() error, line 3266, ssl_connect failed, ret=-1, err=1: SSL_ERROR_SSL: generic ssl error cannot init SSL channel as client

Initially I thought it was an issue with expired or invalid root certificates. After studying the certifier framework, I got the understanding that the arguments of cc_trust_manager::init_policy_key() are used as SSL certificates. So, I used embed_policy_key.exe --input=policy_cert_file.bin --output=policy_key.cc to generate a new certificate. However, the error remains persistent even after doing this.

I would appreciate any insight into this problem. Is there any step that I have missed, or am I doing something wrong that's why the SSL_accept() is failing?

[gapisback]

HI, @atulfj -- Sorry about the delay in responding.

Have you tried to go thru our sample apps programs to model the development of your code?

The example_app.cc in common/ dir is the canonical way we expect applications to be written.

Also the sample_apps/run_example.sh driver script is useful to run these sample apps. Did you get a chance to do that, and go thru its steps to figure out what certificate and other setup stuff you need to do in order to get the sample-app to work?

If you haven't already done so, I suggest you go thru the instructions in this README file and try out these commands, to exercise the steps to run the program in --dry-run mode.

That may give you some better insights on what you need to do to get your app working w.r.t. certificates and so on:

cd ./sample_apps

./run_example.sh --dry-run simple_app setup

./run_example.sh --dry-run simple_app run_test

Finally, if you can post some outputs from your setup steps you've taken, that might help some of the others on this group to debug your issue.

Cc: @jlmucb @yelvmw

[SnehaChaursia]

Hey team,

I reviewed this issue and identified that the build failure is happening due to missing dependencies, specifically the uuid-dev package, which provides the UUID header files required for the build.

Additionally, the Go installation commands in the current documentation are outdated (go get is deprecated), and the correct way to install the Go protobuf plugins is using the updated go install command.

For example, here’s the working set of commands:

# Install Go protobuf plugins
go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
# Add Go bin to PATH
export PATH=$PATH:$(go env GOPATH)/bin

Also, to fix the build issue, we need to ensure the uuid-dev package is installed:

sudo apt-get install uuid-dev

I would like to work on updating the documentation to include these fixes and help others avoid the same issues. Please assign this issue to me @jlmucb .

Thanks!