Differential D10343
[grpc_clients] fix gRPC client on native Authored by varun on Dec 14 2023, 6:44 PM. Tags None Referenced Files
Details
The gRPC client needs a set of root certificates for the TLS handshake. When running the keyserver (both inside a Docker container and not) or simulator, the client is able to locate the root certificates at one of the paths we had enumerated. However, on physical iOS and Android devices, the certificates have to be bundled with the app. The tls-webpki-roots feature adds Mozilla's root certificates to our rustls-based gRPC client, so we don't have to rely on platform certs. This branch contains @kamil's code from D10327. I used that code (and verifyUserLoggedIn on keyserver) to test that the shared gRPC client could talk to staging AND local identity services (https and http) from:
Diff Detail
Event TimelineComment Actions A couple buildkite jobs failed but that's expected since they were failing in D10327. I'm requesting review but will rebase and remove D10327 from my branch after the diff is accepted and run arc diff again to make sure the jobs all pass before landing. Keeping D10327 in the branch for now will make it easier for reviewers to check out the code and validate my test plan with yarn arcpatch. Comment Actions Nice! So it turns out only tls-webpki-roots is needed for all platforms. LGTM but I'll patch locally and check if it's also callable from other services (verify access token) before accepting Comment Actions Tested:
Comment Actions thanks for the quick review! will address the nit and rebase this branch to fix buildkite
Comment Actions https://buildkite.com/comm/ios-build/builds/20278 build actually succeeded on 4th attempt. going to land this | ||||||||||||||||||||||||||||||||||||||||||||||